hack to MicroStrategy’s X (Twitter) profile

The offending tweet was removed shortly after, probably because they noticed it quickly and managed to intervene promptly. When that tweet was published in the US it was Sunday evening, so the intervention was carried out really promptly.

The crypto scam and the hack of MicroStrategy’s Twitter (X) profile

The fraudulent token was called MSTR, which exactly resembles the stock market ticker of the MicroStrategy stock.

The tweet that the hackers published spoke of MSTR as an Ethereum token fully integrated within the MicroStrategy ecosystem, but this was obviously a lie.

Another colossal lie contained in that tweet is that MSTR is backed by MicroStrategy and its Bitcoin reserves.

A crypto token called MSTR actually exists, but it is the BEP20 token on the Monsterra project’s BSC.

It should be noted that the fraudulent tweet remained online for so long that the price of MSTR almost didn’t even have time to react. In fact, its market value only went from 66 thousandths of a dollar to 68 thousandths, and then returned to 66 after the publication of the news that it had been a hack.

On the other hand, that tweet was obviously fraudulent, also because it would not make sense for a company listed on the stock exchange like MicroStrategy to publicly give away one of its tokens collateralized with its own BTC with an airdrop.

The Monsterra token probably has nothing to do with this scam attempt, also because the choice of the name MSTR is linked to the ticker of the MicroStrategy stock on the stock exchange.

The scam consisted of convincing users to click on a link posted by the hackers passed off as the web page where they could ask to receive the tokens distributed with the fake airdrop.

The link led to a site with the domain microstralegy.com, with an L instead of a T. In fact, the correct domain of the official MicroStrategy website is microstrategy.com.

Monsterra’s real MSTR token made its debut on the crypto markets in August 2022, in the middle of the bear market, at 287 thousandths of a dollar, and since then its price has almost done nothing but fall. Overall it has a market capitalization of less than $800,000.

The effect of the scam

Despite all this, it still appears that crypto funds totaling more than $400,000 were stolen in this way.

In fact, the public Ethereum address to which the scammers had the ETH sent, promising fake MSTR tokens in exchange, is known, and several tokens appear to have been sent to that address.

So although the fraudulent tweet was removed very quickly by MicroStrategy, and although it was clear that it was a scam, the hackers still managed to collect a good loot due to ignorance and naivety.

Unfortunately, there are many inexperienced or excessively naive people operating on the crypto markets, who are all too easily convinced with bombastic promises to give up their funds to scammers.

Twitter: MicroStrategy’s reaction to the crypto hack

For now the company has limited itself to intervening by eliminating the fraudulent tweet.

Since it is a company listed on the stock exchange, and since the event occurred on Sunday evening, we presumably have to wait until Monday morning before they can thoroughly analyze the incident and let people know what happened.

Later in the day they will hopefully post on the same X profile how this one was hacked, and how they decided to protect it.

It is not the first time something similar has happened, so much so that last month hackers even managed to access the SEC’s official profile.

Typically these hacks exploit a technique called SIM swap which allows you to simulate ownership of the user’s telephone number in order to have an SMS sent to recover the password or access to the profile. In these cases it would be better to activate two-factor authentication, so as to reduce the risk that an SMS is enough to penetrate the profile.

Crypto scams

Crypto scams are numerous, and essentially they are always based on the concept of convincing naive people to voluntarily send their funds to scammers by convincing them with lies, as in this case.

Unfortunately, when such lies are published on official websites or social profiles it becomes much more difficult to recognize them.

The most emblematic case in this sense is precisely that of January, when hackers published the false news of the approval of spot Bitcoin ETFs on the SEC’s official X profile, just the day before the real approval arrived.

In that case the only way to recognize the lie was the linguistic style used in the tweet, which evidently was not at all suited to the institutional style of the SEC.

However, in the case of MicroStrategy it was much simpler, because it is impossible to imagine that the company had decided to give away tokens collateralized with their Bitcoin.