On Tuesday, I had my @fredwilson account taken over.
I haven't used that account for almost eighteen months, but it has almost 700,000 followers and has the potential to do a lot of harm in the wrong hands.
I am writing this to explain what happened so that others might learn from my mistakes.
On Tuesday at 3:35pm eastern, while I was in a taxi on my way from a doctor appointment to my home office, I saw this email come into my inbox.
That got my attention. A "login to my account" from an iPhone in Greece was certainly not me.
I should have looked more closely at the sender email address. That would have told me this was a scam. But I was on a call on my phone, in a taxi, so I clicked on the "Secure your X account now here" link and logged in to change my password. In doing so, I provided my password and two factor code to the hacker.
There are a host of mistakes in that last paragraph. All of them are things I know better than to do. But I did all of them.
First, I should have inspected the sender email address more closely. I did not.
Second, I should have inspected the URL of the webpage that the "secure your account now here" link took me to. I did not.
Third, I should have just ignored the email because I have a strong 2 factor system using Yubikeys on that account. I also have a very strong password on it. A login from an iPhone in Greece would be almost impossible.
But I did none of those things. I was multi-tasking, in transit, and jet lagged. And I screwed up.
I knew it almost instantly. And then, for three hours I tried escalating the situation to Twitter/X support to get them to shut the account down. I knew what was coming. Anyone who has access to that account can run a scam at almost 700k followers.
I was unable to get to anyone who could escalate to Twitter. I filed several account takeover support requests and texted a bunch of people I thought could get to someone at Twitter. But none of that worked.
It was like watching a train wreck in slow motion. I knew what was coming and could not stop it.
Around 6:15pm eastern, this scam was posted to my account.
Almost immediately my phone filled up with messages from all sorts of people letting me know my account had been hacked. A few of them offered to escalate to Twitter/X. I encouraged all of them to do that.
In particular, Sriram Krishnan came to the rescue. Not only did he escalate to the right people at Twitter/X, but he also helped me in the following days to get control of my account back. I am extremely grateful for all that he did for me this week.
I am not clear what kind of scam was run on claim-fred dot com. It could have simply been a way to get minting fees. But I fear it was a more sophisticated attack aimed at sweeping wallets of funds and NFTs. I feel terrible about that. It would not have happened but for my mistakes.
I'd also love any suggestions for getting claim-fred dot com taken down. Coinbase Wallet has a warning on it already which is great.
But I'd like to see it come down entirely if there is a way to make that happen.
I am frequently targeted with hacks. There have been three now that I have written about on AVC. Two of them have come in the last few months. I understand I am a target. I also understand that I have a responsibility to exercise great caution because of that.
I failed to do that this week and I am very sorry about that.
Hi Casters. My @fredwilson Twitter account was taken over by a hacker on Tuesday and used to run a scam. I wrote this today in the hopes that others might learn from my mistakes https://avc.xyz/anatomy-of-a-twitterx-account-takeover-hack
Thanks for sharing this Fred. I had something similar happen to me recently with someone impersonating Coinbase support. Btw, I read this from a Frame in the Warpcast feed (!)
I’m sorry this happened to you, Fred. Now, you’re in a better place 🙂
which frame is this?