From: thepipeline_xyz
Case Study: The y22 Compromise
A notable trader known as y22, who gained significant traction by sharing his trading journal, became the victim of a sophisticated scam that led to the loss of all his assets [00:00:00]. This incident highlights the critical importance of verifying communication channels and exercising extreme caution online.
Modus Operandi of the Attack
The scam involved a highly deceptive impersonation and a multi-stage process designed to compromise the victim’s digital assets:
- Twitter Impersonation [00:00:34]: The attacker created a fake Twitter account that mimicked y22’s online persona, including their entire Twitter history, follower count, and a similar username [00:00:36][00:00:40]. The imposter also displayed a gold check mark, adding to the illusion of legitimacy [00:00:44].
- Malicious Telegram Group [00:00:08]: The imposter posted a link to a Telegram group under y22’s legitimate Twitter thread [00:00:08].
- Forced “Verification” and Device Switch [00:00:13]: Inside the Telegram group, users were prompted to undergo a “verification” process [00:00:13]. This verification included additional steps that eventually directed users to perform an action on their desktop browser, requiring a switch from phone to computer [00:00:16][00:00:18][00:00:24].
- Hot Wallet Compromise [00:00:29]: The action performed on the desktop browser, where the victim’s hot wallets were accessible, directly led to the compromise of their assets [00:00:27]. As a result, y22 lost nearly everything [00:00:31].
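The imposter account in this case relied partly on a username that merely resembled the real one. The Python helper below is an added example, not from the video or the channel's own material, showing a defensive check a trader or community moderator could run over incoming mentions: it folds each handle to a skeleton in which common substitutions (digit one for lowercase L, Cyrillic letters for Latin ones, punctuation swaps) collide, then flags anything that resembles a known-genuine handle without actually being it. The known-handle list, the sample mentions and the confusable table are constructed and partial; in practice the table would be seeded from a fuller confusables list.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed, partial table of characters commonly substituted for Latin
# letters in lookalike handles. Cyrillic letters are written as escapes so
# the substitution is visible in the source.
CONFUSABLE_CHARS = {
    "0": "o", "1": "l", "|": "l", "i": "l", "3": "e", "5": "s", "8": "b",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
    "_": "", ".": "", "-": "",
}
# Two-character sequences that read as a single letter at a glance.
CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"))
_TABLE = str.maketrans(CONFUSABLE_CHARS)


def canonical(handle: str) -> str:
    """Raw comparison form: strip whitespace and a leading '@', lowercase."""
    return handle.strip().lstrip("@").lower()


def normalize_handle(handle: str) -> str:
    """Fold a handle to a skeleton in which visually similar spellings collide."""
    h = canonical(handle)
    # Decompose accented characters and drop the combining marks.
    h = unicodedata.normalize("NFKD", h)
    h = "".join(c for c in h if not unicodedata.combining(c))
    for src, dst in CONFUSABLE_PAIRS:
        h = h.replace(src, dst)
    return h.translate(_TABLE)


def lookalike_score(candidate: str, known: str) -> float:
    """Similarity of the two skeletons in [0, 1]; 1.0 means an exact collision."""
    return SequenceMatcher(
        None, normalize_handle(candidate), normalize_handle(known)
    ).ratio()


def flag_impersonators(candidates, known_handles, threshold=0.85):
    """Return (candidate, known, score) for each candidate that is not the
    genuine handle itself but resembles one of the known handles."""
    hits = []
    for cand in candidates:
        for known in known_handles:
            if canonical(cand) == canonical(known):
                continue  # the real account; nothing to flag
            score = lookalike_score(cand, known)
            if score >= threshold:
                hits.append((cand, known, round(score, 3)))
    return hits


# Constructed sample: one genuine handle (taken from this page's header) and
# a set of mentions, several of which are crafted lookalikes.
KNOWN = ["thepipeline_xyz"]
SAMPLE_MENTIONS = [
    "@thepipeline_xyz",        # the real account
    "thepipe1ine_xyz",         # digit one in place of the letter l
    "thepipeIine_xyz",         # capital I in place of the letter l
    "thepipeline_\u0445yz",    # Cyrillic kha in place of Latin x
    "thepipeline.xyz",         # punctuation swap
    "cryptonews_daily",        # unrelated handle, should not be flagged
]

if __name__ == "__main__":
    for cand, known, score in flag_impersonators(SAMPLE_MENTIONS, KNOWN):
        print(f"REVIEW {cand!r} resembles {known!r} (score {score})")
```

The check is deliberately a review queue rather than a verdict: a flagged handle is a prompt to open the profile and confirm it through an independently known channel, which is the same verification the warning at the end of this page calls for.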
The Extent of Attacker Dedication
This case illustrates the extreme lengths to which malicious actors will go to compromise individuals [00:00:47]. Attackers are willing to invest significant resources, potentially “shelling out like five figures” [00:00:51], and dedicate substantial time and effort to social engineering campaigns [00:00:58]. The goal is to compromise a large number of at-risk individuals [00:01:00].
WARNING
Do not assume that an attacker is unwilling to invest significant resources to compromise you [00:00:50]. Always verify communication channels independently and be wary of unsolicited links or demands for “verification” that require actions on your personal devices, especially where cryptocurrency wallets are stored.