On 28 December, the official Twitter account of the ministry of Jal Shakti (@MoJSDoWRRDGR) was hacked by crypto scammers for the second time this month. Following the account hijack, the hackers promoted cryptocurrency giveaways – Bitcoin and Ethereum – through a series of tweets by pretending to be Elon Musk.

In his tweet, Satnam Narang, senior research engineer at Tenable says that links shared by the hackers on their tweets led to a “standard cryptocurrency scam page” which mimicked the popular open source content platform Medium.

The perpetrators even interacted with notable cryptocurrency influencers and crypto-related news outlets such as CoinDesk.

Ministry of Jal Shakti: 2 hacks in 1 month

The incident marks the second instance of Jal Shakti ministry’s Twitter account getting hacked. On 1 December, the ministry’s Twitter account was briefly compromised, although 80 tweets related to fraudulent cryptocurrency-related offers were posted during the takeover.

In the last incident, the ministry confirmed that its official Twitter account was indeed hacked, however, a statement confirming yesterday’s hack is yet to be issued.

In January this year, the official Twitter account of the Union Ministry of Information and Broadcasting was compromised.

How hackers are running cryptocurrency scams

Narang tells us that the hackers were most likely gunning for “advanced fee fraud” or a “trust trading scam”. The way it works, he explains, is that users are first asked to send anything between 0.5 to 10 Bitcoin or 0.5 to 300 Ethereum in order to double their earnings in cryptocurrency.

He warns that if a user is being asked to send money up-front or an advanced fee to participate or win a giveaway, there is a 99.9% chance they are being scammed.

“Users never receive anything back, and because cryptocurrencies are decentralized, users have no recourse of recovering their lost cryptocurrency,” Narang says.

“One of the first instances of a gray-verified badge hack”

Narang says that since Elon Musk took over Twitter, some changes have been made with respect to verified accounts, thus making it harder for cyber attackers to pivot a verified profile to impersonate businesses like Tesla or Twitter.

“However, this is one of the first instances we’ve seen within the new verification system that a gray verified badge – which is associated with government agencies – was hacked and used to promote a fake cryptocurrency giveaway,” he says.

In addition to hacking a verified government account, Narang says that the hackers elevated the “reach” of the scams by retweeting and liking the post from several bot accounts.

Twitter battles data security concerns

Following Elon Musk’s takeover of Twitter on 28 October, Larry the Bird – name of the blue bird in the logo – has hit a rough patch when it comes to data security.

On 26 December, a hacker who goes by the name Ryushi claimed to have hacked the personal data of over 400 million Twitter users including verified accounts of prominent individuals such as Sundar Pichai, Steve Wozniak, Salman Khan, Piers Morgan, and Donald Trump Junior – to name a few.

Alon Gal, co-founder and CTO of Israeli cybersecurity firm Hudson Rock, in a series of tweets, explains that due to the revealing of email addresses, hackers were able to find compromised passwords from previous data breaches and access user accounts not equipped with 2-factor authentication or 2FA.

Compromised Twitter accounts [Source: Alon Gal, Hudson Rock] Another possibility is that the hacker(s) could have targeted the email supplier and with the help of the compromised email and social-engineered his way to access the email account. If the user has not enabled multi-factor authentication (MFA), the hacker can easily reset the Twitter account password and hijack the account.