if you're talking about https://twitter.com/LukeDashjr/status/1609661811455819776, my guess is that he's either omitting something (eg. the cold wallet was internet connected, or there was a backup of its wallet floating around somewhere), or suffered a stuxnet level attack.
Hours in, seems the vulnerability was not yet patched but simply blue-checks had posting rights pulled. Only non-verified accounts have been posting the wallet key for a while now (search new to find them).
I know it's easy to judge from afar but I can't believe they're leaving the site up during this.
Tweet author didn't thread tweets properly. Full 3-tweet sequence:
1/3 We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions. https://twitter.com/sheldonbitmart/status/146731625285522636...
2/3 The affected ETH hot wallet and BSC hot wallet carries a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress.
https://twitter.com/sheldonbitmart/status/146731630643736166...
This is the earliest non-deleted tweet I've found referencing the bitcoin address (or rather, noticing that an account got hacked). It was sent at 12:23PM Pacific time (more than 1.5 hours ago): https://twitter.com/lawmaster/status/1283481418518208513
In their statement they deny accessing bank details:
> The bug led to random user data being exposed to the wrong user when accessing our user interfaces. It is important to note that the access to data has been entirely random and not showing any data containing card or bank details (obfuscated data was visible). This means that it has been impossible to access a specific user’s data.
tl;dr: the government has appropriate computer security in place to prevent this sort of thing, and it's not clear what the deal was with that particular computer.
Could not find any official stories, but it happened. The offending tweets have been removed and his account restored. [1] Hackers made a lot of $ with crypto draining operation. This is the last person I would expect to be hacked...you would think he would have everything down pat. Maybe an inside job involving phone carriers or maybe even a disgruntled Twitter employee did it. Who knows.
Shows how lucrative hacking twitter is. Forget hacking databases or social security numbers. or credit card numbers. meh. Or forget bank robbing. the real $ will always be hacking big twitter accounts to promote crypto scams.
edit:
if you're talking about https://twitter.com/LukeDashjr/status/1609661811455819776, my guess is that he's either omitting something (eg. the cold wallet was internet connected, or there was a backup of its wallet floating around somewhere), or suffered a stuxnet level attack.
reply