The British Army has started an investigation into a breach of its YouTube and Twitter accounts, after regaining control of them late on Sunday from unknown individuals who gained access to the accounts, and used them to promote fraudulent cryptocurrency-related products and schemes.
In a statement posted on Twitter after regaining access to the accounts, the Ministry of Defence’s press office said:
“The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway.
The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.”
The British Army’s Twitter account was first changed to resemble that of the Possessed non-fungible token (NFT) project (archived screenshot here via Web3 is going just great), announcing a “new NFT collection” and linking to a fake website “minting” (generating and selling access to, if the site were legitimate) the tokens. It was then changed to a different ape-themed project, claiming to be ‘attacking Pakistan’ before control was restored.
The Army YouTube account was changed to resemble that of investment management firm ARK Invest, uploading a series of fake videos composed of footage from a July 2021 panel discussion between ARK Invest founder Cathie Wood, Tesla CEO Elon Musk and Twitter founder (archived screenshot here). The videos featured links to websites hosting fake cryptocurrency giveaways, claiming to pay back double the amount of cryptocurrency paid by victims. The scam in question has been used several times, with McAfee Labs reporting in May that a previous incarnation of the scam using other YouTube accounts was able to steal over $1.3 million in cryptocurrency.
Scams targeting cryptocurrency holders have become increasingly frequent, with the inability to reverse cryptocurrency transactions leaving victims with little recourse. The United States’ Federal Trade Commission stated in June that the amount of cryptocurrency lost in scams in 2021 was 60 times that lost in 2018, with 16,000 people reporting to have lost $1 billion in cryptocurrency to scams between January 2021 and March 2022.
NFTs and platforms selling them have similarly become targets of scams and security breaches, resulting in the loss of tokens purchased. The digital artwork that usually accompanies the NFTs have also long been criticized by skeptics of using generic, plagiarized or outright stolen art with little merit beyond being tied to the tokens, with self described “first NFT marketplace” OpenSea admitting in January that 80 percent of items created using its free “minting” tool were “plagiarized works, fake collections, and spam”.