was compromised in May earlier this year, it was used to dupe Moonbirds NFT owners into transferring their tokens into the hacker’s wallet. Over a few hours, the hacker sent out hundreds of tweets announcing a new “drop” with a phishing link, which prompted buyers to transfer a sum of cryptocurrency in exchange for a fake NFT or none at all.
responded, “No worries on that.” A moment later, they blocked the reporter’s account, ending the conversation.on NFT frauds, says a verification badge adds a stamp of authenticity, and a scammer with a verified Twitter profile can attract much stronger attention and have a higher impact. And by targeting the multi-billion-dollar NFT ecosystem, both hackers and buyers or scammers can recoup their costs in a few tweets before account owners initiate the recovery process.
Previously, blue-check Twitter thefts were both rare and coordinated — largely traded on marketplaces like Swapd and Ogu.gg. However, as demand for verified accounts surges for NFT promotions and scams, hackers have taken to more accessible channels like Telegram to reach broader audiences. And the way hackers break in is easier than you’d think.
In a credential stuffing attack, hackers begin with a vast leaked database of username and password combinations — which no longer are hard to come by, courtesy of the rise of large-scale breaches. The intruder brute-forces the usernames and passwords from the matched credentials on Twitter’s login form and puts the successful hits up for sale in their groups.
Cc:HalSparks
you've bought one of them there haven't you?
Twitter employees lacing Halloween candy with blue checks.
Yep
I really cant be that hard for Twitter to monitor verified accounts for large profile changes, if they then immediately start shilling NFTs, temporarily limit the account's ability to tweet for an hour. If its legit, they can wait it out.
Sigh. Wishing people realized sooner that blue checks don't mean shit.
megan_kaspar that made blue checks worthless. Do not trust, verify. on chain.