Cybercriminals hacked the Twitter account of the Robinhood exchange on Wednesday. In a now-deleted tweet, the hacked account was used to promote a scam offering crypto tokens and NFTs on the Binance Smart Chain through the PancakeSwap decentralized exchange.
Tweet from db (@tier10k), January 25, 2023: "Robinhood presumably hacked" pic.twitter.com/UgRD3UCbo9
Robinhood's other social media profiles were also compromised. According to a Binance Smart Chain scan shared by internet sleuth ZachXBT, the scammers were able to make off with 26.95 BNB tokens, around $8,200.
Tweet from ZachXBT (@zachxbt), January 25, 2023: "Scam was funded via Binance" https://t.co/zsDJwCiEDe
ZachXBT noted that the wallet benefitting from the scam was hosted on the Binance cryptocurrency exchange. Binance CEO Changpeng "CZ" Zhao responded, saying the account had been locked pending further investigation.
"We’re aware of the unauthorized posts from Robinhood Twitter, Instagram, and Facebook profiles, which were all removed within minutes," Robinhood wrote in a statement shared with Decrypt. "At this time, based on our ongoing investigation, we believe the source of the incident was via a third-party vendor."
Twitter scams are not new: accounts are typically compromised through SIM jacking or phishing attacks. One lesser-known attack vector is Twitter's "god mode" feature. On Wednesday, The Washington Post reported that a former Twitter employee told the FTC that the platform has a "god mode" that allows Twitter staff to access any account on Twitter. Hackers gaining access to this feature can impersonate any account they like and target unaware victims.
Twitter has not yet responded to Decrypt for comment.
On July 15, 2020, cybercriminals were able to get past Twitter security. They impersonated several high-profile accounts, including former US President Barack Obama, President (then Vice President) Joe Biden, Apple, Uber, Kanye West, Elon Musk, Bill Gates, and Warren Buffett.
The compromised accounts began promoting a Bitcoin scam that federal authorities say nabbed $117,000 in BTC. US and UK law enforcement officials arrested Nima Fazeli, Mason Sheppard, and Graham Ivan Clark in connection with the Twitter hack. Clark was ultimately sentenced to three years in federal prison.