The crypto industry is still reeling from the fallout of July’s high-profile Twitter attack in which several hackers manage to impersonate some top individuals on the app. Joining those searching for answers is the New York state government, as its financial regulator has released a report on the incident.
Compiling a Report Card on the Crypto Industry
The report, which the New York Department of Financial Services (NYDFS) published earlier this week, describes the hack’s impact and how it has exposed a deep need for better security protocols in the crypto industry.
The financial regulator asserted that the incident merely showed that even a publicly-traded tech giant like Twitter needs to work on its security. Considering that Twitter has an ever-expanding political and technological influence, it should have stronger security measures.
Two main sections of the report tackle the hack’s impact on some crypto firms that operate in New York and how these companies protected their clients from hackers. The financial regulator also took suggestions from companies on how to prevent related attacks in the future. Justifying the inquiry, the NYDFS explained that the third phase of the attack saw the hackers target companies that operate within its jurisdiction. Thus, it had every right to investigate how they responded.
As the report showed, hackers managed to break into the accounts of Coinbase and the Gemini Exchange, as well as that of payment processor Square. However, these three companies were quick to block the hackers’ Bitcoin addresses once they were posted on the social network. More specifically, the NYDFS pointed out that the addresses had been blocked less than 40 minutes after the hackers posted them.
Coinbase managed to block about 5,670 transfers, saving customers about $1.29 million. Square stopped 358, saving customers $51,000. Gemini blocked two transfers, valued at $18,000.
All in all, 22 companies surveyed had relations with hackers and their addresses. While 15 managed to block transfers to the addresses, seven didn’t. the NYDFS noted that some of the firms that didn’t block their accounts had different business models than the ones who did and couldn’t directly handle transfer and custody services. So, they couldn’t act.
As for companies’ recommendations, many counseled for using stronger passwords, better social media monitoring to ensure quicker alerts when such an occurrence happens, and multi-factor authentication for transfers and basic security protocols. They also counseled that company employees’ access to social media accounts should be limited.
Twitter Makes Up for Its Mess
As for Twitter, the company already completed several measures to ensure that such an event doesn’t happen again. In the days following the hack, the social media giant published an update revealing that the hackers had deployed social engineering tricks on some of its employees.
The company added that hackers had also run a spear-phishing attack where they targeted a small number of employees and gained access to their fines. Then, they used this information to target the employees who had access to accounts’ support tools.
The social media company has committed to improving its internal control tools and training its staff to be better prepared for such issues.