Anatomy Of A Twitter/X Account Takeover Hack

On Tuesday, I had my @fredwilson account taken over.

I haven't used that account for almost eighteen months, but it has almost 700,000 followers and has the potential to do a lot of harm in the wrong hands.

I am writing this to explain what happened so that others might learn from my mistakes.

On Tuesday at 3:35pm eastern, while I was in a taxi on my way from a doctor appointment to my home office, I saw this email come into my inbox.

post image

That got my attention. A "login to my account" from an iPhone in Greece was certainly not me.

I should have looked more closely at the sender email address. That would have told me this was a scam. But I was on a call on my phone, in a taxi, so I clicked on the "Secure your X account now here" link and logged in to change my password. In doing so, I provided my password and two factor code to the hacker.

There are a host of mistakes in that last paragraph. All of them are things I know better than to do. But I did all of them.

First, I should have inspected the sender email address more closely. I did not.

Second, I should have inspected the URL of the webpage that the "secure your account now here" link took me to. I did not.

Third, I should have just ignored the email because I have a strong 2 factor system using Yubikeys on that account. I also have a very strong password on it. A login from an iPhone in Greece would be almost impossible.

But I did none of those things. I was multi-tasking, in transit, and jet lagged. And I screwed up.

I knew it almost instantly. And then, for three hours I tried escalating the situation to Twitter/X support to get them to shut the account down. I knew what was coming. Anyone who has access to that account can run a scam at almost 700k followers.

I was unable to get to anyone who could escalate to Twitter. I filed several account takeover support requests and texted a bunch of people I thought could get to someone at Twitter. But none of that worked.

It was like watching a train wreck in slow motion. I knew what was coming and could not stop it.

Around 6:15pm eastern, this scam was posted to my account.

post image

Almost immediately my phone filled up with messages from all sorts of people letting me know my account had been hacked. A few of them offered to escalate to Twitter/X. I encouraged all of them to do that.

In particular, Sriram Krishnan came to the rescue. Not only did he escalate to the right people at Twitter/X, but he also helped me in the following days to get control of my account back. I am extremely grateful for all that he did for me this week.

I am not clear what kind of scam was run on claim-fred dot com. It could have simply been a way to get minting fees. But I fear it was a more sophisticated attack aimed at sweeping wallets of funds and NFTs. I feel terrible about that. It would not have happened but for my mistakes.

I'd also love any suggestions for getting claim-fred dot com taken down. Coinbase Wallet has a warning on it already which is great.

post image

But I'd like to see it come down entirely if there is a way to make that happen.

I am frequently targeted with hacks. There have been three now that I have written about on AVC. Two of them have come in the last few months. I understand I am a target. I also understand that I have a responsibility to exercise great caution because of that.

I failed to do that this week and I am very sorry about that.
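
The first two checks named in the post (the sender address and the destination of the "secure your account" link) can be automated before a message reaches a reader. The following is an added example, not part of the original post: the expected-domain list is an assumption, and the sample message and its domains are constructed placeholders, not the ones from the real email.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the account provider really sends from and links to.
EXPECTED = {"x.com", "twitter.com"}

def in_expected(host):
    """True only for an expected domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED)

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def review(raw):
    """Return reasons to distrust a 'secure your account' email."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not in_expected(sender_domain):
        findings.append(f"sender domain {sender_domain!r} (display name {display!r})")
    parser = _Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in parser.hrefs:
        host = urlsplit(href).hostname
        if not in_expected(host):
            findings.append(f"link host {host!r}")
    return findings

# Constructed sample; the domains are placeholders, not those of the real email.
SAMPLE = """\
From: "X Security" <alerts@x-account-notice.example>
To: user@example.org
Subject: New login to your account from iPhone in Greece
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>We noticed a login from a new device.</p>
<p><a href="https://x.com.verify-session.example/login">Secure your X account now here</a></p>
<p><a href="https://help.x.com/en">Help Center</a></p>
"""

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("SUSPICIOUS:", finding)
```

A matching domain is necessary but not sufficient, because the From header can be forged; the message's SPF, DKIM and DMARC results still have to pass.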

11 comments

fredwilson
2y

Hi Casters. My @fredwilson Twitter account was taken over by a hacker on Tuesday and used to run a scam. I wrote this today in the hopes that others might learn from my mistakes https://avc.xyz/anatomy-of-a-twitterx-account-takeover-hack

Pedro Victor Brandão
2y

damn, sorry to hear... since tweelon buyout I felt that the increase of ads with phishing attempts as ads, comments, and fake users skyrocketed. thank you for the write up and glad you managed to solve it

petar.xyz
2y

I’m sorry this happened to you, Fred. Now, you’re in a better place 🙂

phil
2y

Thanks for sharing this Fred. I had something similar happen to me recently with someone impersonating Coinbase support. Btw, I read this from a Frame in the Warpcast feed (!)

miguelito
2y

Thanks for sharing this and for demonstrating leadership by owning your mistake. It’s a great example that we all should follow. Also, hats off to @sriramk.eth

Ryan Selkis (d/acc)
2y

which frame is this?

chris 🤘🏻
2y

oh wait nm it's @paragraph's frame

chris 🤘🏻
2y

Thank you for sharing this so openly. We are all human and it shows how prone we all are to attacks like this even with good security practices. ❤️

Sebas
2y

The psychological engineering warfare is tough. Thank you for sharing and helping us all learn together.

r4v3n
2y

Sorry that happened to you. Another example of scammers using FUD to social engineer you into giving them access. AI email scam checks should solve this soon I would think. Seems like a generative AI could quickly scan your email/follow links/check domains and block it before you see it.

Madman
2y

Happens to best of us. Sry fren.

AVC

2 min read·February 9, 2024
