decrypt.co
Cybercriminals hacked the Twitter account of the Robinhood exchange on Wednesday. In a now-deleted tweet, the hacked account was used to promote a scam offering crypto tokens and NFTs on the Binance Smart Chain through the PancakeSwap decentralized exchange.
Robinhood presumably hacked pic.twitter.com/UgRD3UCbo9
— db (@tier10k) January 25, 2023
According to a Binance Smart Chain scan shared by internet sleuth ZackXBT, the scammers were able to make off with 26.95 BNB tokens, around $8,200.
Scam was funded via Binance https://t.co/zsDJwCiEDe
— ZachXBT (@zachxbt) January 25, 2023
ZackXBT noted that the wallet benefitting from the scam was hosted on the Binance cryptocurrency exchange. Binance CEO Changpeng “CZ” Zhao responded, saying the account had been locked pending further investigation.
Twitter scams are not new: accounts are typically compromised through sim jacking or phishing attacks. One lesser-known attack vector is Twitter’s “god mode” feature. On Wednesday, The Washington Post reported that a former Twitter employee told the FTC that the platform has a “god mode” that allows Twitter staff to access any account on Twitter. Hackers gaining access to this feature can impersonate any account they like and target unaware victims.
Robinhood and Twitter have not yet responded to Decrypt for comment.
On July 15, 2020, cybercriminals were able to get past Twitter security. They impersonated several high-profile accounts, including former US President Barack Obama, President (then Vice President) Joe Biden, Apple, Uber, Kanye West, Elon Musk, Bill Gates, and Warren Buffet.
Obama pic.twitter.com/yOdKsdHXwn
— Twetch – NFT MINT SUNDAY (@twetchapp) July 15, 2020
The compromised accounts began promoting a Bitcoin scam that federal authorities say nabbed $117,000 in BTC. US and UK law enforcement officials arrested Nima Fazeli, Mason Sheppard, and Graham Ivan Clark in connection with the Twitter hack. Clark was ultimately sentenced to three years in federal prison.