On the 25th of January, a group of attackers hacked the official Twitter account of Robinhood, one of the most popular cryptocurrency exchanges. In a since-deleted tweet, the hacked account of the crypto exchange was used to promote a scam in the form of a fake token and NFT sale on the Binance Smart Chain via the decentralized exchange PancakeSwap. It was not only Robinhood’s official Twitter account that was compromised: Robinhood’s other social media profiles were also hacked.
According to the internet sleuth ZachXBT, who cited a Binance Smart Chain scan, the hackers made off with 26.95 BNB tokens, worth around $8,200 at the time. According to the same sleuth, the crypto wallet that received the proceeds of the hack was hosted on Binance, the world’s largest cryptocurrency exchange by trading volume. Changpeng Zhao, well known as CZ, the CEO and founder of Binance, responded to the incident by saying that the account had been locked and was pending further investigation.
In a 25th of January blog post, Robinhood, the victim cryptocurrency exchange, wrote that it was aware of the unauthorized posts from Robinhood’s Twitter, Instagram, and Facebook profiles, all of which were removed within minutes. “At this time, based on our ongoing investigation, we believe the source of the incident was a third-party vendor,” the statement from Robinhood reads. Twitter scams are not new, and this is not the first time a Twitter account has been hacked: various Twitter accounts have been compromised through phishing or SIM-jacking attacks. One lesser-known attack vector is Twitter’s so-called god mode feature.
According to a 24th of January report from The Washington Post, a former Twitter employee told the FTC that the social media platform has a god mode feature that allows Twitter staff to access any account on Twitter. According to the former employee, if hackers gained access to this feature, they would be able to impersonate any account they like and, in turn, use the impersonated accounts to target unsuspecting victims.
Before this latest incident, on the 15th of July 2020, hackers had bypassed Twitter’s security and used that access to impersonate several high-profile accounts, including former US President Barack Obama, Apple, Uber, Kanye West, Elon Musk, Bill Gates, Warren Buffett, and Joe Biden. These accounts then began promoting a Bitcoin scam that federal authorities say netted around $117,000 in Bitcoin. Law enforcement officials in the US and UK subsequently arrested Mason Sheppard, Nima Fazeli, and Graham Ivan Clark in connection with that Twitter hack.