The official British Army Twitter, Facebook and YouTube accounts were hacked on July 3 for nearly four hours, with scammers promoting non-fungible token (NFT) collection scams and cryptocurrency scams.
Just after 2pm ET on July 3, the UK Ministry of Defense (MOD) Press Office tweeted that it knew the Army’s social media accounts were compromised and had launched an investigation.
Nearly four hours later, at about 5:45 pm ET, the Bureau provided an update that the account violations were resolved. The official British Army Twitter account also apologized for the posts, saying it would carry out an investigation and “learn from this incident”.
The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway.
The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.
— Ministry of Defence Press Office (@DefenceHQPress) July 3, 2022
Screenshots from the official British Army Twitter account posted by users show the hackers promoting at least two fraudulent derivatives of “The Possessed” and “BAPESCLAN” NFT collections.
— OSINTtechnical (@Osinttechnical) July 3, 2022
A screenshot shows hackers pinning a tweet to a fake mint from The Possessed’s NFT collection, likely a phishing link that would deplete the user’s funds if their crypto wallet was connected. Tom Watson, one of the creators of the collection, warned that the information was false and asked his followers to report the account.
The @BritishArmy has been compromised and is currently being used to shill NFTs.
— vx-underground (@vxunderground) July 3, 2022
On YouTube, the hackers changed the name of the account to resemble the investment firm Ark Invest, founded by Cathie Wood, and posted live videos of purported interviews with Elon Musk and Twitter founder Jack Dorsey, which they were being watched by thousands of people.
On the seized YouTube channel, posted videos featured QR Codes for viewers to send cryptocurrency, claiming they would receive double back, and promoted other QR code crypto giveaway scams.
At this time it is unknown who was behind the attack, how they pulled it off, and how many people may have fallen victim to the phishing and scam links. The British Army has since removed all links, tweets and related material from the account leaks.
As reported by Cointelegraph, cryptocurrency scammers have lost up to $1 billion in 2021, with nearly 50% of all cryptocurrency-related scams coming from social media platforms. The US Federal Trade Commission even called social media and cryptocurrencies a “combustible combination for fraud.”
In late May, NFT artist Beeple’s Twitter account was compromised and posted links to a phishing website that provided the attacker with over $438,000 worth of crypto and several NFTs. The links were made to look like a “surprise mint” from a new Beeple NFT collection.
Later in June, a similar phishing link was posted on the compromised Twitter account of the upcoming Duppies NFT collection, and at least one victim lost 650 Solana (SOL), worth about $18,850 at the time.