CryptoForHealth: A Large Scale Attack on Twitter

How to scam for £110K


I have a domain name called Cloud4Health.com, which was initially associated with our second spin-out (Symphonic). But today it was CryptoForHealth.com that was in the news, as part of a major Twitter account compromise.

It is strange to watch an online crime being played out in real time. Tonight, as I watched my Twitter feed, I saw some strange events:

There was a targeted hack on the Twitter accounts of many high-profile people and organisations, such as Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Apple, Uber and Bitcoin.org. The associated scam tweets pointed users to the website CryptoForHealth.com [here]:

The domain was registered on 15 July 2020, and the site appeared on the same day. The Bitcoin wallet [here] currently has 374 transactions, for a value of 11.95 BTC ($118K):

Once detected, the site was flagged as a scam site:

The offer was a 2-for-1: users could send up to 20 BTC and were promised double the amount back. A strange thing is that the transactions include one for half a dollar (with $11.19 in fees), sent from the wallet associated with the Twitter scam to addresses whose decoded bytes spell out the message:

Just Read All
Transaction Outputs As Text
You Take Risk When Use Bitcoin
For Your Twitter Game
Bitcoin is Traceable
Why Not Monero

Bitcoin addresses that start with a “1” are legacy addresses (P2PKH, Pay-to-Pubkey Hash), which was the original addressing system. Addresses that start with a “3” are P2SH (Pay-to-Script-Hash) addresses, where the spending condition is a script rather than a single public key; this is what allows multi-signature outputs, where several parties must sign, and wrapped SegWit transactions. The third type of address does not begin with a ‘1’ or a ‘3’ and is defined as a Bech32 address.
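The message above works because the 20-byte hash field of a legacy address can hold arbitrary bytes, so an analyst can read a transaction's outputs as text. The following Python script is an added example (it is not code from the original post, and the real output addresses from the scam transaction are not on the page, so the sample outputs below are constructed here): it implements Base58Check encoding and decoding, classifies an address as P2PKH, P2SH or Bech32 using the prefix rules from the paragraph above, verifies the checksum, and recovers the six-line message from a constructed list of output addresses. The "text_to_addresses" helper exists only to build that sample data; nobody holds a key for such outputs, which is why coins sent to them are burned.

```python
import hashlib

# Base58 alphabet used by Bitcoin (no 0, O, I, l)
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Base58-encode bytes; each leading 0x00 byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n > 0:
        n, r = divmod(n, 58)
        out = B58_ALPHABET[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a character outside the alphabet."""
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def checksum(payload: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def base58check_encode(version: int, hash160: bytes) -> str:
    payload = bytes([version]) + hash160
    return b58encode(payload + checksum(payload))


def base58check_decode(addr: str):
    """Return (version byte, 20-byte hash field); raise ValueError if malformed."""
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError("address must decode to 25 bytes")
    payload, check = raw[:21], raw[21:]
    if checksum(payload) != check:
        raise ValueError("checksum mismatch")
    return payload[0], payload[1:]


def is_valid_base58check(addr: str) -> bool:
    try:
        base58check_decode(addr)
        return True
    except ValueError:
        return False


def address_type(addr: str) -> str:
    """'1' = legacy P2PKH (version 0x00), '3' = P2SH (version 0x05), 'bc1' = Bech32."""
    if addr.lower().startswith("bc1"):
        # Bech32 carries its own checksum (BIP 173); it is not verified here
        return "Bech32"
    version, _ = base58check_decode(addr)
    if version == 0x00:
        return "P2PKH"
    if version == 0x05:
        return "P2SH"
    return "unknown version 0x%02x" % version


def hash160_as_text(addr: str) -> str:
    """Read the 20-byte hash field of an output address as ASCII, dropping zero padding."""
    _, h = base58check_decode(addr)
    return h.rstrip(b"\x00").decode("ascii", errors="replace")


def recover_message(output_addresses) -> list:
    """Concatenate the text hidden in each output, then split into lines."""
    return "".join(hash160_as_text(a) for a in output_addresses).split("\n")


# --- Constructed sample data (not the real addresses from the scam transaction) ---
def text_to_addresses(text: str) -> list:
    """Split ASCII text into 20-byte chunks and wrap each as a P2PKH-format address."""
    data = text.encode("ascii")
    chunks = [data[i:i + 20] for i in range(0, len(data), 20)]
    return [base58check_encode(0x00, c.ljust(20, b"\x00")) for c in chunks]


MESSAGE_LINES = [
    "Just Read All",
    "Transaction Outputs As Text",
    "You Take Risk When Use Bitcoin",
    "For Your Twitter Game",
    "Bitcoin is Traceable",
    "Why Not Monero",
]
SAMPLE_OUTPUTS = text_to_addresses("\n".join(MESSAGE_LINES))

if __name__ == "__main__":
    for addr in SAMPLE_OUTPUTS:
        print(address_type(addr), addr, repr(hash160_as_text(addr)))
    print("\n".join(recover_message(SAMPLE_OUTPUTS)))
```

Running the script prints each constructed output address with its type and the text it carries, followed by the reassembled message. Because Base58Check includes a checksum, an address with one altered character is rejected by "is_valid_base58check", which is the same property that protects ordinary users from mistyped addresses.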

Six hours after the start of the compromise on Wednesday 25 July 2020, Twitter reported that it had been the target of a “coordinated social engineering attack” against its own employees, which gave the attackers access to its internal tools. As part of the clampdown on the compromise, Twitter even locked out those with a verified account (one with a blue tick) for two hours.

Conclusions

This hack will generate many questions for Twitter, and, at the time of writing, the company has not reported how the compromise was possible.

Here’s another example: