New York polls crypto firms on security measures after Twitter hack

Published at: Oct. 16, 2020

The New York Department of Financial Services, or NYDFS, has released a lengthy report analyzing the impact of July’s high-profile Twitter hack, which resulted in the theft of over $118,000 worth of Bitcoin (BTC). 

Far beyond the immediate material impact, the NYDFS states that the incident exposed deep cybersecurity weaknesses at a publicly traded social media company valued at $37 billion, with over 330 million active monthly users. The discovery has serious consequences in light of the platform’s ever-expanding influence on both financial markets and the political sphere.

Two key sections of the NYDFS report, published on Oct. 14, tackle the Twitter hack’s impact on the department’s cryptocurrency licensees and how these companies responded to protect their clients from the fraud. NYDFS also surveyed and compiled crypto firms’ recommendations on how to prevent a similar cyberattack from succeeding in the future.

The agency notes that in the third phase of the hack, the attackers took aim at the Twitter accounts of crypto companies, which included NYDFS-regulated entities. These entities “responded quickly to block impacted addresses, demonstrating the maturity of New York’s cryptocurrency marketplace and those authorized to engage within it. Their actions show that New York continues to set a high standard and attract only the most responsible actors.”

Coinbase, Gemini and Square, all of which provide wallet services and whose Twitter accounts were hacked, rapidly blocked the Bitcoin addresses posted by the hackers on Twitter. According to the NYDFS survey, each of the companies blocked the relevant addresses within 40 minutes of their accounts being hacked.

Fifteen surveyed crypto firms in total blocked transfers to the addresses, while seven did not. The report notes that some companies have different business models and do not directly handle custody and transfer services, which accounts for their inaction. 

Among those that do, Coinbase blocked around 5,670 transfers, valued at roughly $1,294,000; Square blocked 358, valued at roughly $51,000; Gemini blocked two, valued at roughly $1,8000; and Bitstamp blocked one, valued at $250.

The other focus of the NYDFS survey and report was to analyze which security measures the crypto firms took to protect their social media accounts following the hack, and to gather key recommendations to cement security going forward.

These included using strong and unique passwords, monitoring social media accounts for unauthorized posts, using multi-factor authentication but avoiding SMS-based MFA due to its susceptibility to hacks, and limiting employee access to social media accounts. 

Placing the hack in context, NYDFS notes that in 2019, millions of people worldwide lost over $4.3 billion to cryptocurrency scams, up from just $650 million in 2018. Exploiting the pandemic, scammers have already stolen over $380 million in the first half of 2020. One scammer tactic that intersects with the Twitter hack, impersonating Elon Musk on Twitter, has already cost victims almost $200,000 in Bitcoin. Such incidents have spurred the entrepreneur to warn his followers:

Report as soon as you see it. Troll/bot networks on Twitter are a *dire* problem for adversely affecting public discourse & ripping people off. Just dropping their prominence as a function of probable gaming of the system would be a big improvement.

— Elon Musk (@elonmusk) February 1, 2020