Crypto
Mandiant X/Twitter hacker linked to $900K cryptocurrency phishing scheme
Mandiant, a Google-owned cybersecurity company, says a “brute force password attack” likely caused the takeover of its X (formerly known as Twitter) account last week.
The account hijacking was part of a cryptocurrency phishing campaign linked to a drainer-as-a-service (DaaS) offering Mandiant calls CLINKSINK, according to a blog post detailing the company’s investigation.
An estimated $900,000 or more in Solana (SOL) cryptocurrency has been stolen in recent campaigns by 35 CLINKSINK affiliates identified in the Mandiant probe. These affiliates typically share about 20% of the stolen crypto with the DaaS operator, who raked in more than $180,000 in SOL since New Year’s Eve, according to the blog post.
Meanwhile, Mandiant is facing scrutiny after admitting that “some team transitions and a change in X’s 2FA policy” resulted in the security lapse that led to the hijacking.
Mandiant is one of several well-known organizations caught up in a recent string of X account hijackings, which most recently hit the U.S. Securities and Exchange Commission (SEC) in an incident that briefly shook up the Bitcoin market.
Mandiant’s X/Twitter hack explanation, 2FA lapse questioned by critics
Mandiant noted in its blog post that no Mandiant or Google Cloud systems, other than its X account, were compromised in the hours-long incident on Jan. 3.
Referring to a likely “brute force” attack, the company’s statements published on X Wednesday afternoon seem to imply an attacker targeted the social media account by trying multiple passwords until they successfully logged in.
In replies to Mandiant’s post, some critics noted that this explanation was questionable due to X’s policy of temporarily locking accounts after a “limited number of failed attempts” to log in.
“Not possible due to rate limitation except if the password was 123Password,” one user commented.
The exact number of failed attempts needed to trigger this measure is not provided by X, so SC Media tested the login feature on a personal X account. We received a notice that the account was locked on the sixth attempt to log in with the wrong password.
No alerts about the failed login attempts were sent to the email address linked to the account, and we were also able to access the account, during the temporary lockout period, using the option to sign in with Google/Gmail.
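The two gaps that test surfaced (a lock honoured only by the password path, and no notification to the account owner) are easy to see in a small login-throttling model. This is an added example, not X's code or anything from Mandiant's post; the five-failure threshold, the Account fields, the policy classes and the constructed password are assumptions of the example.

```python
from dataclasses import dataclass, field

LOCK_AFTER = 5  # assumption: lock on the 6th wrong password, as SC Media observed


@dataclass
class Account:
    password: str
    failures: int = 0
    locked: bool = False
    alerts: list = field(default_factory=list)  # stand-in for e-mails to the owner


class WeakPolicy:
    """Mirrors the observed behaviour: only password attempts are counted,
    federated sign-in ignores the lock, and the owner is never told."""

    def password_login(self, acct, guess):
        if acct.locked:
            return False
        if guess == acct.password:
            acct.failures = 0
            return True
        acct.failures += 1
        acct.locked = acct.failures >= LOCK_AFTER
        return False

    def federated_login(self, acct, idp_accepted):
        return idp_accepted  # the lock is never consulted on this path


class HardenedPolicy(WeakPolicy):
    """Same counter, but every failure is reported and the lock gates all paths."""

    def password_login(self, acct, guess):
        before = acct.failures
        ok = super().password_login(acct, guess)
        if acct.failures > before:  # a fresh wrong password was counted
            acct.alerts.append(f"failed password login #{acct.failures}")
        return ok

    def federated_login(self, acct, idp_accepted):
        if acct.locked:
            acct.alerts.append("federated sign-in refused: account locked")
            return False
        return idp_accepted


def replay_observed_test(policy):
    """Replay the article's test: six wrong guesses, then an attempt to enter
    via 'sign in with Google' while the lock is active."""
    acct = Account(password="correct horse battery staple")  # constructed value
    for i in range(6):
        policy.password_login(acct, f"guess{i}")
    sso = policy.federated_login(acct, idp_accepted=True)
    return {"locked": acct.locked, "sso_bypassed_lock": sso, "alerts": len(acct.alerts)}
```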
Mandiant did not elaborate on the two-factor authentication (2FA) policy change that contributed to the breach, but this likely refers to X’s removal of the SMS 2FA option for non-Premium subscribers on March 20, 2023.
If this is the case, Mandiant’s account likely had no 2FA protection when it was compromised. X users can still use the authentication app or security key methods of 2FA for free.
“We’ve made changes to our process to ensure this doesn’t happen again,” Mandiant said in its statement.
A Google spokesperson declined to provide additional details about the incident to SC Media.
CLINKSINK affiliates impersonate legitimate crypto sites to drain wallets
After compromising Mandiant’s X account, which has more than 123,000 followers, the hijacker changed the account handle to @phantomsolw, impersonating the legitimate Phantom crypto wallet.
In a post on the hacked account, the CLINKSINK affiliate promoted a supposed opportunity to claim free $PHNTM tokens by clicking a link. Upon clicking the link, users would be urged to connect their Solana wallet and sign a transaction to claim the promotional token airdrop.
The JavaScript-based CLINKSINK drainer linked to the phishing site performs checks to verify that victims have the Phantom Desktop Wallet installed and is capable of surveying connected Solana wallets to check details, including balances. CLINKSINK is also set up to split the drained funds between the affiliate and operator accounts, usually at a ratio of 80% and 20%, respectively.
In the case of the Mandiant hijacking, the phishing scheme failed due to Phantom recognizing the site as malicious and blocking users from connecting their wallets, BleepingComputer reported.
The hijacker later deleted the phishing tweet and resorted to using the Mandiant account to mock the company with messages like “Check bookmarks when you get your account back.”
Mandiant identified other legitimate crypto brands, such as DappRadar and BONK, being impersonated in related CLINKSINK campaigns across social media platforms, including X and Discord.
CertiK, Netgear and Hyundai Middle East & Africa (MEA) have also had their X accounts hacked in cryptocurrency-draining schemes this year, but there is no confirmation that these incidents were also linked to CLINKSINK.
Crypto
Crypto mogul Do Kwon sentenced to 15 years in prison over $40B ‘epic fraud’
Do Kwon, the South Korean cryptocurrency entrepreneur behind two digital currencies that lost an estimated $40 billion in 2022, was sentenced on Thursday to 15 years in prison for what a judge called an “epic fraud.”
U.S. District Judge Paul A. Engelmayer, who handed down the sentence, sharply rebuked Kwon for repeatedly lying to everyday investors who trusted him with their life savings.
“This was a fraud on an epic, generational scale. In the history of federal prosecutions, there are few frauds that have caused as much harm as you have, Mr. Kwon,” Engelmayer said during a hearing in Manhattan federal court.
Kwon, 34, who co-founded Singapore-based Terraform Labs and developed the TerraUSD and Luna currencies, previously pleaded guilty and admitted to misleading investors about a coin that was supposed to maintain a steady price during periods of crypto market volatility.
He is one of several cryptocurrency moguls to face federal charges after a slump in digital token prices in 2022 prompted the collapse of a number of companies.
Dressed in yellow prison garb, Kwon addressed the court and apologized to his victims, including the hundreds who submitted letters to the court describing the harm they had suffered.
“All of their stories were harrowing and reminded me again of the great losses that I’ve caused. I want to tell these victims that I am sorry,” Kwon said.
Ayyildiz Attila, one of the hundreds of victims who submitted letters to the court, said he lost between $400,000 and $500,000 in the collapse.
“My savings, my future, and the results of years of sacrifice disappeared. I struggled to keep up with payments and responsibilities, and everything I had worked for was erased,” Attila said.
Kwon’s lawyer Sean Hecker said in an email after the sentencing that Kwon spoke from the heart, expressed genuine remorse and will continue his efforts to make amends.
US Attorney Jay Clayton in Manhattan said in a statement following the hearing that Kwon devised elaborate schemes to inflate the value of his cryptocurrencies and fled accountability when his crimes caught up to him.
Prosecutors had asked for a sentence of at least 12 years in prison, saying the crash of Kwon’s Terra cryptocurrency caused billions of dollars in losses and triggered a cascade of crises in the crypto market.
Kwon’s lawyers had asked that he be sentenced to no more than five years so he can return to South Korea to face criminal charges.
Prosecutors charged Kwon in January with nine criminal counts for securities fraud, wire fraud, commodities fraud and money laundering conspiracy.
Kwon was accused of misleading investors in 2021 about TerraUSD, a so-called stablecoin designed to maintain a value of $1. Prosecutors alleged that when TerraUSD slipped below its $1 peg in May 2021, Kwon told investors a computer algorithm known as “Terra Protocol” had restored the coin’s value.
Instead, Kwon arranged for a high-frequency trading firm to secretly buy millions of dollars of the token to artificially prop up its price, according to charging documents.
Kwon pleaded guilty in August to two counts, conspiracy to defraud and wire fraud, and apologized in court for his conduct.
“I made false and misleading statements about why it regained its peg by failing to disclose a trading firm’s role in restoring that peg,” Kwon said at the time. “What I did was wrong.”
Kwon agreed in 2024 to pay $80 million as a civil fine and be banned from crypto transactions as part of a $4.55 billion settlement he and Terraform reached with the Securities and Exchange Commission.
He also faces charges in South Korea. As part of his plea deal, prosecutors will not oppose Kwon’s potential application to be transferred abroad after serving half his US sentence.