On July 15, 2020 we witnessed the highest-profile Twitter hack since the platform’s inception. The scheme reportedly collected ~3.69 BTC (worth approximately ₹ 1 crore) before it was shut down. The group responsible has since been arrested and pled guilty to charges of fraud. But how were they caught? And what did this mean for crypto, especially in a country that was considering banning it entirely? We’re reflecting on just that.
Surprisingly, the three individuals arrested – Mason Sheppard, aka “Chaewon,” Nima Fazeli, aka “Rolex,” and Graham Ivan Clark, aka “Kirk” – were all under 23 years old at the time. Kirk, considered the mastermind behind the hack, was barely 18.
How did such a young team break through the defences of one of Silicon Valley’s most sophisticated companies?
The answer is simple. Twitter’s systems weren’t vulnerable, but the people who used them every day were.
Instead of trying to hack the system itself, Kirk targeted a small number of Twitter employees with a phishing attack. Phishing attacks rely on human error: they trick someone into divulging confidential information. Similarly, there have been ZebPay impersonators out there pretending to be us in order to conduct fraud. And there probably will be more. Only you can protect yourself from someone who is lying to you.
The attack’s success meant Kirk was able to access the internal Twitter network, as well as credentials for the company’s support tools. Using this access, he was able to target 130 Twitter accounts, ultimately tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter data of seven users.
How were the hackers caught?
Our partners at Chainalysis regularly work with law enforcement, most notably to fight terrorism financing campaigns by Al Qaeda. Using blockchain analysis, they were able to study a series of Bitcoin transfers between Kirk and Chaewon. Agents found that the Chaewon wallet transacted heavily with addresses associated with accounts at Binance and Coinbase – leading to the hacker’s real-world identity.
It is important to note that without the transparency of the blockchain, none of this would have been possible. The hackers used many different profiles to communicate with each other, never publicly posting anything that would link back to their real lives. If the hackers had demanded cash, they would have likely made a clean getaway. We’d still be wondering who they were.
Instead, following the money on the blockchain provided the investigation with several important leads.
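To show what “following the money” looks like in practice, here is an added example (not from the original post, and not Chainalysis’s tooling): a toy trace over a constructed set of transactions that walks funds forward from a seed address and reports where they land at addresses tagged as belonging to an exchange. All transaction ids, addresses, amounts and exchange labels are constructed for illustration.

```python
# Added example: a breadth-first "follow the money" trace over constructed
# Bitcoin-style transactions. Real blockchain analysis works the same way at
# scale, with address clustering and exchange attribution data behind it.
from collections import deque

# Constructed ledger: txid -> (input addresses, [(output address, amount in BTC)])
TXS = {
    "tx1": (["seed_addr"], [("suspect_1", 2.0), ("seed_change", 1.69)]),
    "tx2": (["suspect_1"], [("suspect_2", 1.5), ("mixer_1", 0.5)]),
    "tx3": (["suspect_2"], [("exchA_deposit_1", 1.0), ("suspect_3", 0.5)]),
    "tx4": (["suspect_3"], [("exchB_deposit_1", 0.5)]),
    "tx5": (["unrelated"], [("exchA_deposit_2", 3.0)]),
}

# Constructed attribution labels, standing in for an analytics firm's
# cluster of addresses known to belong to exchange deposit accounts.
EXCHANGE_TAGS = {
    "exchA_deposit_1": "ExchangeA",
    "exchA_deposit_2": "ExchangeA",
    "exchB_deposit_1": "ExchangeB",
}

def build_spend_index(txs):
    """Map each address to the txids that spend from it, so we can walk forward."""
    index = {}
    for txid, (inputs, _outputs) in txs.items():
        for addr in inputs:
            index.setdefault(addr, []).append(txid)
    return index

def trace_to_exchanges(txs, seed, tags, max_hops=6):
    """Walk outputs forward from `seed`; return {tagged_addr: (exchange, hops, path)}."""
    spend_index = build_spend_index(txs)
    hits, seen = {}, {seed}
    queue = deque([(seed, 0, [seed])])
    while queue:
        addr, hops, path = queue.popleft()
        if hops >= max_hops:          # bound the walk; real graphs fan out quickly
            continue
        for txid in spend_index.get(addr, []):
            for out_addr, _amount in txs[txid][1]:
                new_path = path + [txid, out_addr]
                if out_addr in tags and out_addr not in hits:
                    hits[out_addr] = (tags[out_addr], hops + 1, new_path)
                if out_addr not in seen:
                    seen.add(out_addr)
                    queue.append((out_addr, hops + 1, new_path))
    return hits

def exchanges_reached(hits):
    """Distinct exchanges whose deposit addresses the traced funds reached."""
    return sorted({exchange for exchange, _hops, _path in hits.values()})

if __name__ == "__main__":
    for addr, (exchange, hops, path) in trace_to_exchanges(TXS, "seed_addr", EXCHANGE_TAGS).items():
        print(f"{addr} ({exchange}) reached in {hops} hops via {' -> '.join(path)}")
```

Each hit is a lead: a deposit address at an exchange that performs KYC can be matched to an account holder through a legal request, which is the step that turns a wallet into a real-world identity.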
What did the attack mean for Bitcoin?
I remember thinking the attack would feed the narrative that Bitcoin was only used by criminals. That did happen to an extent, but Bitcoin is resilient. It’s a testament to its potential that it bounced back from the attack’s PR nightmare stronger than ever. Just a few months later, it was making headlines of its own.
You know, the ones saying “Bitcoin hits all-time high.”