On Sunday, hackers gained access to the official Twitter, Facebook, and YouTube accounts of the British Army and advertised fraudulent nonfungible token (NFT) collecting and cryptocurrency scams for almost four hours.
On Sunday, shortly after 2:00 EST, the Ministry of Defence (MOD) Press Office of the United Kingdom tweeted that the Army’s social media accounts had been compromised and an inquiry had been launched.
The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway.
The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.
— Ministry of Defence Press Office (@DefenceHQPress) July 3, 2022
“The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway. The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.”
Around 5:45 p.m. EST, the Office gave an update stating that the account breaches had been fixed. The official Twitter account for the British Army expressed regret for the tweets and promised to look into the matter and “learn from this mistake.”
What did the hackers post on the hacked accounts?
Hackers were marketing at least two fake variants of ‘The Possessed’ and ‘BAPESCLAN NFT’ collections, according to screenshots of the British Army’s official Twitter account that users have posted online.
In one screenshot, the hackers are seen pinning a tweet to a phony mint of The Possessed NFT collection. This tweet contains a phishing link, which, if activated, would drain users’ cryptocurrency wallets of their assets. One of the collection’s creators, Tom Watson, alerted his followers to the false material and requested that they report it.
The hackers posted Livestream recordings of fictitious interviews with Twitter co-founder Jack Dorsey and Elon Musk on YouTube under the renamed account that resembled the Cathie Wood-founded investment business Ark Invest. These videos attracted thousands of viewers.
the British Army’s YouTube page, still under the control of some crypto scammers, is running 4 consecutive livestreams with approx 19,000 people watching as we speak. would be interesting if any of them who fall for the scam could have grounds to sue the Army pic.twitter.com/oVWrDsXKZ1
— Monsieur Rules (@wariotifo) July 3, 2022
The uploaded movies on the hacked YouTube channel advertised other cryptocurrency giveaway scams using QR codes. They asked viewers to contribute cryptocurrency to them in the hopes of receiving double back.
It is unclear who are the perpetrators of the attack, how they succeeded, or how many people may have been duped by the phishing and scam links. The British Army has since removed all links, tweets, and related content from the compromised accounts.
Crypto hacks on the rise
Up to $1 billion was lost to cryptocurrency scammers in 2021, with social media platforms accounting for nearly half of all cryptocurrency-related scams. Social media and cryptocurrencies have even been called a “combustible combo for fraud” by the US Federal Trade Commission.
Earlier in May, links to a phishing website were posted on the Twitter account of NFT artist Beeple, which resulted in the attacker receiving approximately $438,000 in cryptocurrency and several NFTs. The links were designed to resemble a “surprise mint” off a new Beeple NFT line.
Later in June, the upcoming Duppies NFT collection’s hijacked Twitter account released a similar stealth mint phishing link. At least one victim lost 650 Solana (SOL), valued at around $18,850.