Over the weekend, something strange took place across the British Army’s Twitter and YouTube accounts. Both, boasting about 363,000 and 177,000 followers respectively, were briefly hacked to hawk NFT and crypto scams, as first reported by web3isgoinggreat.
The activity on Twitter was curated to resemble the feed of a relatively new NFT collection known as the Possessed project, and accordingly, the account’s avatar was replaced with a character from the collection. Using Possessed NFT imagery and re-tweeting posts that promoted the collection, which launched on June 30, the links included would redirect users to a fake website that inflated the popularity of the project by “showing the number of available NFTs appearing to dwindle.”
Same scams, better design —
Over on YouTube, a similar grift was being played, with the British Army’s account being repurposed to look like Ark Invest, an investment management firm run by Cathie Wood. That last part is important because Wood is a figure in the general crypto space, as her company targets disruptive blockchain technologies for investment, and she is a staunch believer in both Bitcoin and Tesla.
Instead of displaying videos like “View from Apache Attack Helicopter,” a stream “of fake videos cribbed from an old, real livestream with Elon Musk and Jack Dorsey,” was broadcasted with an accompanying frame that tried to entice viewers with the prospect of doubling their money.
Clicking on one of the scam links that bordered the ripped livestream, which actually took place last July, would redirect users to a variety of sites that asked for cryptocurrency payments so that it could double this investment.
While the Twitter scam seems a bit more believable than what took place on YouTube, both of them are fairly elementary outside of a manicured UX that helped promote them. Regardless, the British Army was able to regain control of its socials relatively quickly, but if you were interested in the original hack, web3isgoinggreat archived the Army’s Twitter and YouTube.
Supposedly these types of scams are not exactly new either. MKLeo, the best Super Smash Bros Ultimate player in the world, also had his Twitter hacked in a similar way, while the fake livestream hoax was able to accrue $1.3 million for scammers back in May.