Twitter Crypto Scammers Spoof Bloomberg Reporters’ Accounts to Get Ethereum

Jordana Sacks
  • Bloomberg journalists Olga Kharif and Lily Katz state: “We’re not running any crypto scams, regardless of what Twitter says.”
  • Fraudsters spoofed both of the writers’ accounts in a bid to scam their followers.

Twitter has been embroiled in a number of cryptocurrency scams in recent months, with the latest involving Bloomberg journalists Lily Katz and Olga Kharif.

The two report that in the first three weeks of May this year, fraudsters copied a large amount of information from their pages, along with their profile photos, and used this to promote ether scams to their 17,000 followers.

As if this wasn’t bad enough, Ms Katz and Ms Kharif have stated that despite multiple requests to Twitter to have their doppelgangers removed, at least one remains, still pushing their fraudulent deals to the platform’s users.

These bot-driven fakes typically work by targeting individuals and companies, as in the case of the two Bloomberg employees. Roger Kay, president of Endpoint Technologies Associates, explains:

“Setting up a bot is easy-peasy. The sign up probably takes longer than the programming.”

Roger Kay, president of Endpoint Technologies Associates

Ms Katz was targeted first, with her imposter, @LilyKatz5, tweeting to her followers with the promise of up to 100 ether for anyone who transferred even a small amount of cryptocurrency to them.

Although Twitter did shut down the account once Ms Katz had uploaded a photo of her passport as proof of her legitimacy, another fraudster impersonated her just two weeks later, using the journalist’s name and photo to spam her followers with more false pledges of ether.

This resulted in 10 separate transactions of the cryptocurrency to an account linked to Twitter handle @subidetu4629 over the space of a fortnight.

Ms Kharif discovered that she was also being impersonated on the 10th May. Despite twice notifying Twitter of the issue, no action was taken as the journalist refused to share her personal documents online due to privacy concerns. The website took this inability to prove her identity as an excuse not to take action, allowing the fraudster to remain active.

The Bloomberg journalists are not the first to have been targeted by these fraudulent bots, with both Elon Musk and Ethereum co-founder Vitalik Buterin already having fallen victim. As Luke McNamara, a principal analyst at FireEye Inc., explains:

“This is a space where individuals are responsible for their own security. That’s why we’ve seen so many bad actors gravitating into [it].”

Luke McNamara, principal analyst at FireEye Inc.

Twitter maintains that it’s aware of the problem and is doing its best to fix it, with its chief executive officer Jack Dorsey promising that the company is “trying to fight scams”. The social media platform notably banned cryptocurrency-related ads earlier this year, although Dorsey himself believes bitcoin will be the world's "single currency" by 2028.

Featured image credit: Max Pixel

These Top Exchanges Have Been Hacked so Far… or Not

Written by: Julia Gerstein, a crypto trading bots enthusiast and a content writer at TradeSanta. My final goal is to help readers find what they need, understand what they find, and use what they understand appropriately.


On Nov. 27, 2019 around $52 million worth of Ethereum (ETH) was transferred from the UPbit hot wallet to the address of someone who is now known as UPbit Hacker #1. This, of course, is not the first or the last hack in the long list of crypto exchange breaches. Still, the more time passes, the more millions get nabbed, which raises concerns about lessons learnt.

At present, there are hundreds of exchanges on the crypto market, so we are not going to look into all of them. It is probably fair to assume that most of them are not interesting hack targets.

In this piece, we decided to take a look at the exchanges that are known to have considerable trading volume and have been on the market for a while.

We’ll start with the exchanges that have the highest trading volume, then look at the ones with the lowest wash trading, and finish with the popular exchanges that weren’t hacked despite their long history on the market.

How many were attacked? And which ones were not hacked at all?

Top exchanges hacked

The initial criterion for this particular group of exchanges to get the “top” spot is their trade volume. As of writing, Binance has a daily trade volume of $686.54 million, OKEx reports $339.73 million and Bitfinex $49.40 million.

Binance - 7,000 Bitcoin (BTC) stolen, May 7, 2019

How many hacks: 1 reported hack

Reimbursement: Binance claimed to refund users’ lost coins from its emergency fund, SAFU.

The mechanics of the hack: hackers obtained users’ API keys and then transferred funds from trade-only access accounts to withdrawal access accounts.

OKEx - allegedly more than 600 Bitcoin (BTC) stolen, Aug. to Oct. 2017

How many hacks: no reported hacks

Reimbursement: the platform has always denied that it had been hacked. However, multiple users reported their accounts being breached within the same time frame. Rumour has it that one user lost more than 200 BTC.

The mechanics of the hack: OKEx stated that several users’ passwords were stolen.

Bitfinex - 120 000 Bitcoin (BTC) stolen, Aug 2, 2016

How many hacks: 2 reported hacks

Reimbursement: in order to reimburse the users, back in 2016, the exchange came up with a strategy where they issued BFX tokens that were redeemable in USD, and investors were reported to get their money back. In November 2018, the company was alerted that the U.S. government had obtained Bitcoins believed to be proceeds from the 2016 hack. Since then, they have retrieved roughly 28 Bitcoins from the government.

The mechanics of the hack: the attackers exploited a vulnerability in the multisig wallet architecture of Bitfinex and BitGo, which processed withdrawal requests from a hacker who had obtained access to Bitfinex's keys.

“Cleanest” Exchanges Hacked

In September 2019, the Blockchain Transparency Institute published their latest report on the cleanest cryptocurrency exchanges, which included Kraken, Poloniex, Coinbase and Upbit.

The ranking was based on the lowest percentage of wash trading in the ecosystem as well as real trade volume reports.

So, let’s see which of those trading venues have been hacked so far.

UPbit - around $52 million in Ether (ETH) stolen, Nov. 27, 2019

How many hacks: 1 reported hack

Reimbursement: according to Lee Seok-woo, CEO of UPbit’s operator, Dunamu, the exchange will refund users’ lost money with the company’s assets.

The mechanics of the hack: at the time of writing, there is still no information on the specifics of the breach.

Poloniex - about 12.3% of the exchange's total BTC supply stolen, Mar. 4, 2014

How many hacks: 1 reported hack

Reimbursement: Tristan D’Agosta, a.k.a. @busoni, said on Bitcointalk that he takes full responsibility for this and is committed to repaying the debt of BTC. “The exchange funds are 12.3% short. Because there is not enough BTC to cover everyone's balances, all balances will temporarily be deducted by 12.3%. Please understand that this is an absolute necessity.” 

The mechanics of the hack: the hackers found a vulnerability in the withdrawal code of Poloniex.

Coinbase - $100 000 stolen, May 15, 2019

How many hacks: 1 reported hack

Reimbursement: none

The mechanics of the hack in which $100 000 was stolen: SIM port attack. According to the hacked user, the attacker first learned that the victim had money. Then, they spoofed this person’s mobile provider to impersonate him and requested a new SIM. Once they obtained the victim’s SIM, they ported it to their phone in order to initiate the password reset flow via email. When they hacked the user’s email address, they worked their way into the user’s Coinbase account.

Still Not Hacked

This group describes the exchanges with significant trading volume that haven’t been hacked yet. Interestingly, those exchanges also turned out to be pioneers of the niche and were established long before the 2017 hype.

HitBTC

Established in 2013, HitBTC is one of the oldest cryptocurrency platforms and has been working towards innovation.

These days it is looking to implement FPGA chips and is considering fiber-optic cables as well as colocation data centres.

So, maybe the innovative approach keeps them safe? Whatever the case, their website claims that on the security side, they “reserve the right to take different measures of protection, which include, but are not limited to a diversification of crypto assets in different allocations whether on a segregate record (account) or not.”

Kraken

Founded in 2011, Kraken is one of the oldest trading venues in the niche. Its reputation was challenged once in 2016 when multiple claims emerged that users’ personal accounts were compromised and assets nabbed.

Yet, Kraken didn’t comment and issued a petition to the FBI’s Cyber Crimes Division instead.

A month into the investigation, the platform’s users were presented with a clarification in which the exchange stated it was never compromised.

The exchange stated that users lost their funds because of man-in-the-middle actors and asked everyone one more time to enable security features, such as two-factor authentication for withdrawals or the Global Settings Lock to restrict unfamiliar IP access.

Huobi

Huobi was founded in 2013 by Leon Li, a former computer engineer at Oracle. The exchange once wrongly deposited 920 Bitcoins and 8,100 Litecoins into 27 different accounts, but reimbursed all the users later.

According to their website, in 2019 the trading venue completed the security upgrade of their wallets.

Those included their Investor Protection Fund, OTC merchant deposit, project team deposit of Huobi Next, listing voting of Huobi Next, eco-fund investment locking, Global Elites deposit, etc.

The exchange applies cutting-edge technologies, allowing users to run TradeSanta bots on top of it, and stores investors’ funds in dedicated multi-signature cold wallets.

In Summary

Is there a hope that the best of the best will be able to eliminate all threats coming from the attackers some day? Yes, there is! The group of exchanges that haven’t been hacked so far is proof of that.

However, we’re not there yet 100%. Losses from illegal acts involving digital currency soared to $4.4 billion in Q3, 2019, up more than 150% from $1.7 billion in 2018.

So the night is young for the ecosystem of exchanges. If you take away one thing from this guide, remember to keep your cryptocurrencies under your control and in cold wallets rather than on exchanges.