Yesterday, the CEO of Twitter and Square Inc., and staunch Bitcoin and crypto supporter, Jack Dorsey, had his personal Twitter account hacked by the way of a SIM-swap attack and SMS-based backdoor.
The hack demonstrates that even the CEO can have his own company’s highly-valuable personal account compromised, and is a painful reminder that if it can happen to someone as high profile as Dorsey, it could happen to you too.
Bitcoin Bull Jack Dorsey Falls Victim to Sim-Swap Hack, Twitter Account Compromised
Yesterday, the Twitter account of the social media platform’s CEO – used often as an important bulletin board the company and soapbox for the outspoken executive – was hacked by a group of hackers calling themselves ChucklingSquad. The hackers had accessed the Twitter account and posted nonsensical notes, racial slurs, and “hello world” style messages to prove that their cybercriminal prowess was able to achieve such a feat.
Related Reading | Pro League of Legends Gamer Robbed of $200K in Crypto in Sim-Hack
And while Bitcoin wasn’t directly involved, Dorsey’s account was comprised due to having been the victim of a SIM-card swap attack – a relatively new type of hack that has been increasingly targeting cryptocurrency holders. Jack Dorsey is among the world’s most renowned Bitcoin bulls, using his Square Cash app to bring Bitcoin buying to the mainstream public and suggests that one day the crypto-asset would become the world’s single global currency for the internet.
As is the case with some high profile crypto investors, the hackers were able to assign Dorsey’s phone number to a dummy phone. However, unique to this case, the number was then used to text message Twitter’s text-to-tweet service to send the offensive tweets.
Others haven’t been so lucky. In the past, angel investor Michael Terpin was the victim of a SIM-swap attack that resulted in $24 million in crypto being stolen. Later, Terpin filed a lawsuit against his mobile service carrier at the time – AT&T – for their negligence and was awarded a $75.8 million victory in the case. AT&T is also Dorsey’s service provider, showing that there could be a connection somehow.
More influential figures known for their involvement in crypto and Bitcoin have been the targets of similar attacks. Recently, a prominent eSports player was targeted and shared the incident on his YouTube channel. The incidences are only increasing as cybercriminals continue to target crypto holders.
ATTENTION: If the CEO of Twitter can get his account hacked on his own platform, I promise your bitcoin is likely MUCH more vulnerable.
Use two-factor authentication where ever possible.
Get your bitcoin off exchanges.
— Rhythm (@Rhythmtrader) August 30, 2019
It’s important for crypto investors to use additional security protections such as two-factor authentication using Google Authenticator and to avoid SMS-based 2FA for this very reason. Always remember to back up your 2FA codes on paper for safekeeping.
Related Reading | 15 Crypto Community Members Targeted As SIM-Port Hack Trend Spikes
Other tips include keeping assets like Bitcoin off exchanges and in cold storage. Also never disclose that you hold any crypto to anyone ever, and use unique usernames and passwords whenever possible. Running malware protection software like MalwareBytes, and being cautious about installing browser add-ons and the like is also recommended.
Dorsey likely has taken all of the steps above and more, yet still, hackers were able to obtain access to his account. The situation proves that no one can ever be 100% safe at all times, however, these steps can certainly aid in keeping one’s assets safe.