Celebrity Twitter Hack Prompts Warning From Treasury’s Crime Unit

The Treasury Department’s crime enforcement network wasted little time in warning financial institutions to be on the lookout for convertible virtual currency (CVC) scams like the one that permeated high-profile Twitter accounts Wednesday.

Cyber threat actors compromised the accounts of public figures — including Elon Musk, Barack Obama, Joe Biden and Kanye West — as well as organizations and financial institutions to solicit payments to CVC accounts, claiming that any CVC sent to a wallet address would be doubled and returned to the sender, FinCEN explains in an alert.

“It is critical that CVC exchanges and other financial institutions identify and report suspicious transactions associated with this type of activity as quickly as possible,” the alert states.

“If you receive one of these solicitations, do not send money or provide any personal or confidential information to these individuals without independent verification of authenticity,” FinCEN states.

Financial institutions should include any relevant technical cyber indicators related to cyber events and associated transactions within the available structured cyber event indicator fields on the Suspicious Activity Report (SAR) form, the alert explains.

“Any data or information that helps identify the activity as suspicious can be included as an indicator. Examples include chat logs, suspicious IP addresses, suspicious email addresses, suspicious filenames, malware hashes, CVC addresses, command and control (C2) IP addresses, C2 domains, targeted systems, MAC address or port numbers.”

The alert points to other financial red flag indicators of illicit CVC activity, as well as how to file a SAR.