Author

Topic: [scam] Twitter hacked and Cryptoforhealth (Read 418 times)

hero member
Activity: 1456
Merit: 624
Maintain Social Distance, Stay safe.
July 31, 2020, 11:00:16 AM
#37
If you look at Twitter's hackerone bounty payout category then for Oauth vulnerabilities they are paying 7k USD, but in the hacking case, the guy was able to take more than 100k$.

While a hacker is able to scam 100k$ then 7k$ is worthless. But the hacking fund is scam and the fund of the bounty is real. Yet, twitter should increase the bounty amount so that hacker do not take fund from public, and twitter can get their issue and solve their issue.
member
Activity: 192
Merit: 72
Security
That was evident.
If you look at Twitter's hackerone bounty payout category then for Oauth vulnerabilities they are paying 7k USD, but in the hacking case, the guy was able to take more than 100k$.

It is shame that twitter has these policies, recently apple announced 100k USD to a guy who found similar oAuth vulnerability in the iPhone app.

Policies of twitter need to be rethought upon.





hero member
Activity: 1456
Merit: 624
Maintain Social Distance, Stay safe.


It is interesting is that hackers used Chipmixer and Wasabi wallet to wash coins. They also used several exchanges and gambling websites.
You can see full report made by CipherTrace:
https://ciphertrace.com/twitter-hack-update-scammed-funds-traced-to-exchanges-and-mixing-services/

It is good that they had traced where the funds sent to. But it is still far from reaching to the scammer. It will be too much pleasant if they can trace the scammer and can give the appropriate punishment.
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1


It is interesting is that hackers used Chipmixer and Wasabi wallet to wash coins. They also used several exchanges and gambling websites.
You can see full report made by CipherTrace:
https://ciphertrace.com/twitter-hack-update-scammed-funds-traced-to-exchanges-and-mixing-services/
legendary
Activity: 3178
Merit: 1140
#SWGT CERTIK Audited
I read the problem is internal it has nothing to do with the users, it's the fault of some of their employers that twitter was hacked, if these things happen again it's more likely that people will stop using twitter, or they will support an alternative
Apparently the hackers used some employees to access the system without their knowledge. I read twitter gonna make them attend lessons to avoid such mistakes in the future.

imagine what will happen if Trump account is hacked, there could be chaos.
Twump message gonna be send meh 0.5 bitcoin if you want me to stay or 1 bitcoin if you wanna me to quit. Most transactions with the said amount will determine my later action! You have 1 hour.
Now a Twitter like that gonna be so attractive Tongue
A little bit serious: hackers didn't hacked him because whether they are afraid from the consequences or else...conspiracy theory related to Hillary email scenario?
hero member
Activity: 2926
Merit: 567
People should not blindly trust whatever they see on Twitter or read and listen on news.
They should use their brain and thinking power before doig anything or sending btc to any address.
Twitter now disabled posting of bitcoin addresses in tweets, but people found out that QR image codes are still allowed.
This is not the way to solve this situation.

I read the problem is internal it has nothing to do with the users, it's the fault of some of their employers that twitter was hacked, if these things happen again it's more likely that people will stop using twitter, or they will support an alternative, imagine what will happen if Trump account is hacked, there could be chaos.
hero member
Activity: 2660
Merit: 551

I mean that such big celens tweeting about crypto and saying double your investment is not something that can be believed as it screams SCAM. Exchanges tweeting about it still makes sense but not Bill Gates.

Obviously, there are naive (greedy) people who still fall for such tricks. You know how they say, "There's a sucker born every minute". 
Many people from different continents fall into this scam unfortunately and big number was sent to the scammers. But apparently the hackers return is not only this old trick, they also hacked rare accounts with special short numbers and sold it, in addition to downloading famous people data. They will analyse it and maybe start extorting them too...

And that is the more dangerous part of this, the data (sensitive or not) that the hackers where able to get hold of during this breach. Specially that high profile names are involved, like ex-Presidents or those billionaires and this is the most scary part of it. Money is just around $120k, manageable to say the least and many people fell for it, but the hackers could really get $$$ millions but he didn't maybe because his real intention is to scoop more damaging data from those people.
legendary
Activity: 3178
Merit: 1140
#SWGT CERTIK Audited

I mean that such big celens tweeting about crypto and saying double your investment is not something that can be believed as it screams SCAM. Exchanges tweeting about it still makes sense but not Bill Gates.

Obviously, there are naive (greedy) people who still fall for such tricks. You know how they say, "There's a sucker born every minute". 
Many people from different continents fall into this scam unfortunately and big number was sent to the scammers. But apparently the hackers return is not only this old trick, they also hacked rare accounts with special short numbers and sold it, in addition to downloading famous people data. They will analyse it and maybe start extorting them too...
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino

I mean that such big celens tweeting about crypto and saying double your investment is not something that can be believed as it screams SCAM. Exchanges tweeting about it still makes sense but not Bill Gates.

Obviously, there are naive (greedy) people who still fall for such tricks. You know how they say, "There's a sucker born every minute". 
legendary
Activity: 2632
Merit: 1094
Twitter posted about it saying it was a coordinated SE attack but wonder why the hacker posted from these celeb's accounts. It was so obvious that it was a scam attempt but Twitter also proved to be so vulnerable.

What do you mean by 'why the hacker posted from these celeb's accounts'? He first started with accounts from crypto exchanges and prominent people from the crypto world. After that, he continued with the accounts of celebrities with a large number of followers. I guess he didn’t know how long he would be able to sustain the scam so he first used the accounts to reach out to the largest number of potential victims.


I mean that such big celens tweeting about crypto and saying double your investment is not something that can be believed as it screams SCAM. Exchanges tweeting about it still makes sense but not Bill Gates.
legendary
Activity: 3178
Merit: 1140
#SWGT CERTIK Audited
Hackers are sending coins to several exchanges and they have history in Bitmex and Coinbase
Source with more information:
https://pastebin.com/xWA14Hrz

In total there are 12 identified addresses:

https://www.elliptic.co/our-thinking/insights-from-elliptic-twitterhack-and-bitcoin-money-laundering
Thanks was searching for something like this.
400 payments = $121,000 collected coming mainly from Asia (1/2) and North America (1/4)...
Funds moved from 3 addresses to 12 addresses + exchanges...
The good thing is the real time monitoring of the situation!
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
Hackers are sending coins to several exchanges and they have history in Bitmex and Coinbase
Source with more information:
https://pastebin.com/xWA14Hrz

In total there are 12 identified addresses:


https://www.elliptic.co/our-thinking/insights-from-elliptic-twitterhack-and-bitcoin-money-laundering
sr. member
Activity: 1498
Merit: 326
Vave.com - Crypto Casino
I am just surprised about this big scam and trying to emagine if they sell BTC all the Crypto market will be crashed.
Is there any way to get them back from scammers? Or to lock them so that they can't make market spoiled?
Probably not a chance until they caught them barehand. But with a decentralized manner of bitcoin how can you track the owner or even know his identity? Locking those bitcoin is impossible since no one can control over it. Maybe if it was tether can since they managed to do this on some address last few weeks issue. This proof how decentralized bitcoin is, a perfect gauge for scammers cause they know they cant be hunt easily.

The only way victim can get it back if Twitter compensate them for this incident. Well for the loss bitcoin called it donation already.
member
Activity: 362
Merit: 12
I am just surprised about this big scam and trying to emagine if they sell BTC all the Crypto market will be crashed.
Is there any way to get them back from scammers? Or to lock them so that they can't make market spoiled?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Twitter now disabled posting of bitcoin addresses in tweets, but people found out that QR image codes are still allowed.

To be honest, how many people are going to take out their phones and scan a QR code they see on twitter? Not to mention that images on twitter are usually cropped unless you click on them.
legendary
Activity: 3178
Merit: 1140
#SWGT CERTIK Audited
That's horrible and more serious than I imagined.  (Is Trump partnered also with scamforhealth too? Out of curiosity Roll Eyes )
Is anyone here collecting the scammy addresses, finding it which Wallet is being used...?
jr. member
Activity: 54
Merit: 23
Well done for the Twitter employees who are also hackers. This finally proves that Twitter is not trusted to share their privacy with them.

Tell me he's a Twitter employee? do you know that most hacks or embezzlement are carried out by a member of the team?

Even the bitcoin blockchain network has not yet been hacked at 54%.
Twitter the network 100% hacked.
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
People should not blindly trust whatever they see on Twitter or read and listen on news.
They should use their brain and thinking power before doig anything or sending btc to any address.
Twitter now disabled posting of bitcoin addresses in tweets, but people found out that QR image codes are still allowed.
This is not the way to solve this situation.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
I think we won't see any rectifying on behalf of Twitter in this situation, I would be happy if I'm wrong though.
I do hope they would, massive bitcoin were stolen in an instant due to twitter irresponsibility. Yeah maybe its not wise to fall for this kind of giveaway but like other's said here it was started on their own platform giving the choice to victim a dead end.

Nothing helps when you have insider job hack, but there must be some kind of protection that is working as Trump was not hacked yet  Smiley
Someone could abused this to cause much more harm in the world.
Maybe they know they will end up in jail directly if they messed up on a jaguar like trump. So they wont even try it.
legendary
Activity: 2320
Merit: 1292
Encrypted Money, Baby!
This is the biggest Twitter hack till date. I want to believe that verified accounts have extra security - say 2FA, Auth etc prior to the hack. So it means the cause of the hack isn't from the user's side but Twitter.  Since those accounts were all verified accounts, it only means that the hack was targeted at only verified accounts with huge amount of followers. What's interesting about the entire saga is the fact that they only targeted well known accounts.

Twitter has been the de-facto platform for people to engage on a professional level, this hack leaves a lot of questions on how secured the platform is.
I wouldn't call what's going on on Twitter "professional" Grin but you're right in one point: the source of this was Twitter. But it was not a hack, it was – as pointed out above – a social engineering attack on one of their gullible employees who just had access to the admin panel.

Someone likely (I'm assuming) scooped the passwords (maybe when the employee logged in?), logged himself in into the admin panel and started posting in the names of other high profile accounts. Nothing got hacked.
hero member
Activity: 2212
Merit: 805
Top Crypto Casino
This is the biggest Twitter hack till date. I want to believe that verified accounts have extra security - say 2FA, Auth etc prior to the hack. So it means the cause of the hack isn't from the user's side but Twitter.  Since those accounts were all verified accounts, it only means that the hack was targeted at only verified accounts with huge amount of followers. What's interesting about the entire saga is the fact that they only targeted well known accounts.

Twitter has been the de-facto platform for people to engage on a professional level, this hack leaves a lot of questions on how secured the platform is.
legendary
Activity: 1596
Merit: 1288
we can have a lot of analyzes, some of which are illogical such that they did not have time to prepare a better scam, they could ignite a third world war.
logical behavior is that they want to embarrass Twitter and prove that it is weak, after the last comment on Trump's tweets, and they also want to promote bitcoin.
If they return bitcoin to their owners, they will prove this analysis.
It is the best promotion for bitcoin has happened before.



that was must happen from exchanges. hacker was using site then used addresses
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
Twitter posted about it saying it was a coordinated SE attack but wonder why the hacker posted from these celeb's accounts. It was so obvious that it was a scam attempt but Twitter also proved to be so vulnerable.

What do you mean by 'why the hacker posted from these celeb's accounts'? He first started with accounts from crypto exchanges and prominent people from the crypto world. After that, he continued with the accounts of celebrities with a large number of followers. I guess he didn’t know how long he would be able to sustain the scam so he first used the accounts to reach out to the largest number of potential victims.
legendary
Activity: 2632
Merit: 1094
Twitter posted about it saying it was a coordinated SE attack but wonder why the hacker posted from these celeb's accounts. It was so obvious that it was a scam attempt but Twitter also proved to be so vulnerable.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
It seems that 2FA is not helpful when it comes to insider attacks.
Nothing helps when you have insider job hack, but there must be some kind of protection that is working as Trump was not hacked yet  Smiley
Someone could abused this to cause much more harm in the world.

Looks like the hacker didn't have much time to prepare this scam. He used the simplest method and tried to make maximum profit. But the truth is, with enough planning this could have been a lot worse.
Combine human stupidity with fear and the sky is the limit!
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
It seems that 2FA is not helpful when it comes to insider attacks.
Nothing helps when you have insider job hack, but there must be some kind of protection that is working as Trump was not hacked yet  Smiley
Someone could abused this to cause much more harm in the world.
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑

What can you do to protect yourself?
- Add more security and 2FA to your twitter account
- Log out all other sessions
- Revoke access for all 3rd party apps


It seems that 2FA is not helpful when it comes to insider attacks.



According to Chainalysis, scammers posted at least three btc addresses and one xrp address. Almost all funds came from different centralized exchanges, the largest donation of 40k $ was sent from Japanese exchange. Check full thread for more information https://twitter.com/chainalysis/status/1283576349630836737

Centralized exchanges started censoring those addresses used by twitter scammers.

sr. member
Activity: 378
Merit: 335
https://t.me/CRYPTOVlKING
This particular case clearly shows us a distinction between centralized services like Twitter and decentralized systems like Bitcoin. In Bitcoin, it is not possible to convince or bribe someone to help hacking Bitcoin. It is just not possible, because there is no point of failure, no malicious employees selling admin tools. Hackers can use social engineering to steal bitcoins from individuals, but they cannot hack the very protocol and steal all bitcoins.

Quote
A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.

Source: https://www.vice.com/amp/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos


Another point for decentralization.

Social hacking is and was the most reliable way to hack big systems or corporations and that won't change. Human is always the weakest link in any system. Some are not careful enough and cause this kind of things, but even those that are extra careful always have something to lose and if you know what they cherish the most - they are hackable.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
An investigator could start in which what could've been the common things that they have? Not just the literally they have millions of followers, some have crypto-related content or anything. I thought of these things below.
  • What third-party companies/software they have been using in common
  • The API tokens of twitter have been compromised?
  • Are the timestamp on the tweets similar?

Maybe to that extent, but oh boy, it's a big tarnish towards the Twitter name.



Twitter is at fault here and should rectify for those who victimized by sending bitcoins to the scammer wallet.
They are definitely part of the reason why the scam had started in the first place. I think they need to up their game on their servers and be more secure with how accounts can get access. I think there are more reasons for how they could've accessed it.
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
This particular case clearly shows us a distinction between centralized services like Twitter and decentralized systems like Bitcoin. In Bitcoin, it is not possible to convince or bribe someone to help hacking Bitcoin. It is just not possible, because there is no point of failure, no malicious employees selling admin tools. Hackers can use social engineering to steal bitcoins from individuals, but they cannot hack the very protocol and steal all bitcoins.

Quote
A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.

Source: https://www.vice.com/amp/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos
sr. member
Activity: 378
Merit: 335
https://t.me/CRYPTOVlKING
Oh boy! I saw this Tweet and this address has 35k btc which according to the tweet also belong to the scammer who did this twitter incident.

Code:
1A5PFH8NdhLy1raKXKxFoqUgMAPUaqivqp

These guys knows well how to do it and when. Imagine how many people got fooled by using authentic accounts of known people including previous President Obama. I believe this is a group who operates at large scam scale attempt. How could they amass 35k btc that worth $300 million? This will affect the crypto industry, no matter where we viewed it.

Twitter is at fault here and should rectify for those who victimized by sending bitcoins to the scammer wallet.



I think we won't see any rectifying on behalf of Twitter in this situation, I would be happy if I'm wrong though. I think there are more wallets involved in this scam and that numbers will be even bigger in coming days as more info is unveiled.

I saw at least 3 wallets exposed and tied to scammers so far and most likely more will be coming.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
Oh boy! I saw this Tweet and this address has 35k btc which according to the tweet also belong to the scammer who did this twitter incident.

Code:
1A5PFH8NdhLy1raKXKxFoqUgMAPUaqivqp

These guys knows well how to do it and when. Imagine how many people got fooled by using authentic accounts of known people including previous President Obama. I believe this is a group who operates at large scam scale attempt. How could they amass 35k btc that worth $300 million? This will affect the crypto industry, no matter where we viewed it.

Twitter is at fault here and should rectify for those who victimized by sending bitcoins to the scammer wallet.

member
Activity: 280
Merit: 43


Twitter accounts of crypto exchanges and influencers are being hacked across board, Hackers are asking for donations and have already made 0.18 BTC. Affected accounts include Binance, CoinDesk, Coinbase, Gemini, CZ_Binance, Kucoin, Justin Sun, Charlie Lee and more. Do not click on any link on Twitter and please report all affected accounts as hacked! Take note: All Tweet are NOT #SAFU
member
Activity: 952
Merit: 27
Glad that it's archived immediately after the scam announcement but there are some casualties but could be coming from scammers funds so they can enticed people to invest, people nowadays should do a lot of research and asking about the veracity of every announcement that's coming, we can never really tell if all of these are real.
hero member
Activity: 1456
Merit: 624
Maintain Social Distance, Stay safe.
Twitter API compromised and big Twitter accounts posting about cryptoforhealth.com scam
Real accounts posting and retweet random giveaways
So cryptoforhealth.com is undoubtedly a scam site. I have also been informed it via coinbase. For this scam by twitter API, wont twitter face court to give the retention to those people/company who losses fund for this scam. I think twitter should have take the liability as they approved the API. They should approve only those API which is not harmful.
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
Many more hacked and this scam went crazy on Twitter!!!

- Mr Beast
- Elon Musk
- Bill Gates
- Kanye West
- Floyd Mayweather
- Apple
- Jason Elia
- Obama
- xxxTentacion
- vrunt
- LuckyovLegends
- Warren Buffet
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
What Happened: Twitter API compromised and big Twitter accounts posting about cryptoforhealth.com scam
Real accounts posting and retweet random giveaways

Code:
website: https://cryptoforhealth.com/
Archived: https://web.archive.org/web/20200715195113/https://cryptoforhealth.com/
twitter: https://twitter.com/binance
Archived: https://web.archive.org/web/20200715195958/https://twitter.com/binance
https://twitter.com/Bitcoin
https://web.archive.org/web/20200711164007/https://twitter.com/Bitcoin


https://twitter.com/chainalysis/status/1283576349630836737

What can you do to protect yourself?
- Add more security and 2FA to your twitter account
- Log out all other sessions
- Revoke access for all 3rd party apps

















Quote
Domain Name: cryptoforhealth.com
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com/
Updated Date: 2020-07-15T07:00:00Z
Creation Date: 2020-07-15T07:00:00Z
Registrar Registration Expiration Date: 2021-07-15T07:00:00Z
Registrar: NameSilo, LLC
Jump to: