Report: New York DFS Reveals Twitter Cybersecurity Issues

  • After the Twitter hack earlier this year, the NY Department of Financial Services decided to further analyze the situation and make suggestions on how to prevent future security threats.
  • The adequate response from regulated crypto companies supposedly blocked the theft of nearly $1.4 million worth of BTC.

On October 14, the New York Department of Financial Services (NYDFS) released a report on the Twitter hack that occurred in mid-July and cost users over $118,000 worth of BTC. According to the report, the breach exposed many security weaknesses at Twitter that could be highly consequential given the platform's influence on the expanding cryptocurrency market.

Researchers claimed that the hackers were able to penetrate the platform by making phone calls to account holders and pretending that they were from Twitter’s support team. The way the perpetrators obtained access to the accounts is said not only to underscore the vulnerability of the social media platform but also to call for potential changes in how global platforms are protected.

“The Twitter Hack demonstrates the need for strong cybersecurity to curb the potential weaponization of major social media companies,” the report said. “But our public institutions have not caught up to the new challenges posed by social media. While policymakers focus on antitrust and content moderation problems with large social media companies, their cybersecurity is also critical.”

As stated in the report, in one of the final phases of the attack, the hackers even tried to target NYDFS-regulated crypto companies, which managed to respond quickly and blocked the impacted addresses. Coinbase, Gemini, and Square supposedly discarded the Bitcoin addresses posted by the criminals within 40 minutes of the start of the initial attack. Researchers claimed that Coinbase prevented nearly 5,670 transfers, worth around $1.3 million, while Square prevented 358 transfers valued at roughly $51,000.

To prevent similar events in the future, the NYDFS made several suggestions on how crypto firms can improve their security. These include using strong and unique passwords, regularly monitoring accounts for unauthorized posts, and avoiding SMS-based communication due to its susceptibility to hacks. Experts also advised limiting employees’ access as an additional security measure.

“While Twitter did have some access controls in place, they were not enough to prevent the Twitter Hack. Twitter did limit access to the internal tools, but over 1,000 Twitter employees still had access to them for job functions and duties such as Twitter user account maintenance and support, content review, and responses to reports of Twitter Rules violations. Immediately after the Twitter Hack, however, Twitter further limited the number of employees with access to the internal tools, even though it caused a slowdown of some job functions.”
