Kucoin Twitter account hacked, $22k lost

[Accardo]

Isn't it supposed to be an inside job, since they claim without any proofs that they had twitter 2fa enabled?

If it was an inside job, then it was a pretty bad one. 22k is nothing compoared to some bigger hacks and somehow I doubt that someone from Kucoin would risk so much for so little. By the way, how exactly could they prove that they had 2FA enabled? You either belive what they claim, or not.

Inside job in such scam as this one, isn't one sided, it could also be from the twitter side. I could remember when the likes of Barack Obama's twitter account was hijacked and used for a similar scam, the hackers, teenage boys, when apprehended said that they tricked, through spearphishing, an insider on twitter who helped them execute the task and bypassed them to tweet with accounts owned by top celebrities. A scam, however severely, is simply bad. Hence, the stolen amount shouldn't be considered as the only reason why their twitter account was hijacked. They could be some information that the hacker needed to get on the Kucoin twitter page, exaggerating, then dropped the tweet. And I don't think they were right about how long the account was on the hacker's custody, as they judged from the moment the tweet was made to the time they were aware of what's happening.

[Husires]

Do any of you have any snapshots of the nature of the scam that happened? Are they links to access your account, double money scam, free gift trick or what? In just 45 minutes, and through tweets, a scammer can collect more than 20k USD, which is not a small amount, and it is additional evidence that many cryptocurrency users need more awareness and investment in learning than losing their money in such ways.

I wish their cold/hot storage is managed by a more professional team.

[Rikafip]

Do any of you have any snapshots of the nature of the scam that happened? Are they links to access your account, double money scam, free gift trick or what?

It was a pretty basic scam attempt in which attacker shared fake Kucoin website and promised free money. People fall for these type of scams even without announcement coming from the exchange's official Twitter account so I am actually surprised that more people didn't lose money.


https://twitter.com/NFTherder/status/1650272867785777153

[eaLiTy]

What a shame, but still kudos reimbursing the users affected. I don't know how their handle was hacked, isn't 2fa is forcedrequired to every verified handle in twitter? How is it possible though to breach 2fa?

It is surprising that Kucoin is reimbursing users that lost money because of the hack in Twitter as majority might have sent money thinking that they are doubling the amount, the usual scam that takes place in this space Posted a phishing link in their Twitter handle and thereby lost money and hence they are doing the right thing by reimbursing the users.

The verification process in Twitter changed after Elon Musk took over as anyone paying $8 can get verified, so i doubt there will be mandatory 2 FA.

It is surprising that Kucoin is reimbursing users that lost money because of the hack in Twitter

I don't think that its surprising at all since their account got hacked due their own mistake and no one else's. Imho, its the least that they could so.

I retracted my statement because it was a phishing link, when i initially posted them i thought it was a doubling scam and they are doing the right thing.

Fact remains that, it is not safe to click on any random link when you log into exchange even through their official social media handle. Users need to be responsible when financial assets are at stake to avoid these mishaps.

[ololajulo]

What a shame, but still kudos reimbursing the users affected. I don't know how their handle was hacked, isn't 2fa is forcedrequired to every verified handle in twitter? How is it possible though to breach 2fa?

Contrary to popular belief 2FA is not impenetrable, especially if they used mobile phone number.

I guess sms 2fa is not available on twitter, i remember elon doesn't like 2fa and keep tweeting it previously.

My apologies but how did the kucoin twitter account hack allow access to the exchange fund? Does this make a difference to everyone who has a Twitter account and cryptocurrency?

[Rikafip]

It is surprising that Kucoin is reimbursing users that lost money because of the hack in Twitter

I don't think that its surprising at all since their account got hacked due their own mistake and no one else's. Imho, its the least that they could so.

My apologies but how did the kucoin twitter account hack allow access to the exchange fund? Does this make a difference to everyone who has a Twitter account and cryptocurrency?

Its not the exchange that got hacked, but Kucoin Twitter account that attacker then used to share phishing link.

[PX-Z]

My apologies but how did the kucoin twitter account hack allow access to the exchange fund? Does this make a difference to everyone who has a Twitter account and cryptocurrency?

Its not the exchange that got hacked, but Kucoin Twitter account that attacker then used to share phishing link.

To be precise, kucoin twitter was hacked and tweet a fake giveaway scam that leads by accessing the phishing site and got scammed. So no exchange was hacked particularly.

It doesn't mention how the scam happened particularly if its the users send the funds particularly from their kucoin accounts or the scammers/hackers login to their users' account and withdraws their assets. If its the latter, kucoin should implement another security that it disabled from withdrawing in 24 hours after logging in a new device, or needs a sms, email and 2fa verification for withdrawals using a new logged in device.