From: thepipeline_xyz

Social engineering poses a significant threat within online trading communities, often leading to compromised trading accounts and substantial financial losses. Attackers employ elaborate tactics to deceive users, leveraging platforms like Twitter and Telegram to execute their schemes [00:00:08].

Case Study: The Y22 Incident

A notable case involved a trader known as y22, who gained popularity by publicly sharing his successful trading journal [00:00:00]. His high engagement on Twitter made him and his followers targets for a sophisticated social engineering attack [00:00:04].

The Attack Mechanism

An attacker posted a link to a fake Telegram group within y22’s Twitter thread [00:00:08]. Upon entering this Telegram group, users were prompted to “verify” their identity [00:00:13]. The verification process involved “extra added steps” that moved users from their phone to a desktop browser and directed them to perform an action there [00:00:16]. That action on the desktop browser, where hot wallets were accessible, led to the compromise of accounts [00:00:27].

Deception Tactics Used

The perpetrator employed several deceptive tactics to make the fake account and group appear legitimate:

  • Identity Mimicry: The attacker meticulously mimicked y22’s entire Twitter history, including follower count, and created a username similar to his actual Twitter handle [00:00:34].
  • Verification Badge: The fake account also displayed a gold checkmark, further enhancing its perceived legitimacy [00:00:44].
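A defender's view of the similar-username tactic, as an added example that is not part of the original summary: it reduces handles to a "skeleton" in which common look-alike spellings collide, then uses edit distance to catch near misses. The handles, the substitution table and the distance threshold are constructed assumptions, not details from the incident.

```python
# Added example: flag handles that imitate a protected handle.
# Handles, substitutions and threshold below are constructed assumptions.

LOOKALIKE_CHARS = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})
LOOKALIKE_PAIRS = (("rn", "m"), ("vv", "w"))

def skeleton(handle):
    """Reduce a handle to a form in which visually similar spellings collide."""
    s = handle.lstrip("@").lower().replace("_", "")
    s = s.translate(LOOKALIKE_CHARS)
    for pair, single in LOOKALIKE_PAIRS:
        s = s.replace(pair, single)
    return s

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, protected, max_dist=2):
    """Return 'same', 'lookalike', 'near' or 'unrelated' for a candidate handle."""
    if candidate.lstrip("@").lower() == protected.lstrip("@").lower():
        return "same"  # handles are case-insensitive, so this is the real account
    c, p = skeleton(candidate), skeleton(protected)
    if c == p:
        return "lookalike"  # different handle that renders almost identically
    if edit_distance(c, p) <= max_dist:
        return "near"  # small additions or typos, e.g. a trailing "s"
    return "unrelated"

def flag_handles(seen, protected):
    """Return (handle, verdict) for every handle that imitates `protected`."""
    verdicts = ((h, classify(h, protected)) for h in seen)
    return [(h, v) for h, v in verdicts if v in ("lookalike", "near")]

PROTECTED = "@trader_example"  # constructed placeholder handle
SEEN = ["@Trader_Example", "@trader_exampIe", "@trader_exarnple",
        "@trader_examples", "@unrelated_user"]  # constructed sample

if __name__ == "__main__":
    for handle, verdict in flag_handles(SEEN, PROTECTED):
        print(f"{handle:20} {verdict}")
```

With very short handles a distance threshold of 2 produces false positives, so the threshold should scale with handle length in practice.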

Outcome

As a direct result of this phishing scam, y22’s accounts were compromised, and he reportedly lost everything [00:00:29].

The Extent of Social Engineering Efforts

Attackers are willing to go to extreme lengths to compromise individuals, including significant financial investment. Do not assume that a malicious actor would be unwilling to spend five figures on a social engineering campaign [00:00:47]. Experts in social engineering campaigns confirm that considerable time, effort, and money can be expended to compromise a large number of at-risk individuals [00:00:53].

Quote

“People will go to very extreme lengths to compromise you. Don’t assume somebody’s not willing to shell out like five figures and as somebody who’s done like I guess social engineering campaigns as a living like there’s a lot of like time and effort and money you can spend to compromise like a ton of people that are at risk” [00:00:47]