# Anatomy Of A Twitter/X Account Takeover Hack

**Published by:** [AVC](https://avc.xyz/)
**Published on:** 2024-02-09
**URL:** https://avc.xyz/anatomy-of-a-twitterx-account-takeover-hack

## Content

On Tuesday, I had my @fredwilson account taken over. I haven't used that account for almost eighteen months, but it has almost 700,000 followers and has the potential to do a lot of harm in the wrong hands. I am writing this to explain what happened so that others might learn from my mistakes.

On Tuesday at 3:35pm eastern, while I was in a taxi on my way from a doctor appointment to my home office, I saw this email come into my inbox.

That got my attention. A "login to my account" from an iPhone in Greece was certainly not me. I should have looked more closely at the sender email address. That would have told me this was a scam. But I was on a call on my phone, in a taxi, so I clicked on the "Secure your X account now here" link and logged in to change my password. In doing so, I provided my password and two factor code to the hacker.

There are a host of mistakes in that last paragraph. All of them are things I know better than to do. But I did all of them.

First, I should have inspected the sender email address more closely. I did not.

Second, I should have inspected the URL of the webpage that the "secure your account now here" link took me to. I did not.

Third, I should have just ignored the email because I have a strong 2 factor system using Yubikeys on that account. I also have a very strong password on it. A login from an iPhone in Greece would be almost impossible.

But I did none of those things. I was multi-tasking, in transit, and jet lagged. And I screwed up.

I knew it almost instantly. And then, for three hours I tried escalating the situation to Twitter/X support to get them to shut the account down. I knew what was coming. Anyone who has access to that account can run a scam at almost 700k followers.

I was unable to get to anyone who could escalate to Twitter. I filed several account takeover support requests and texted a bunch of people I thought could get to someone at Twitter. But none of that worked. It was like watching a train wreck in slow motion. I knew what was coming and could not stop it.

Around 6:15pm eastern, this scam was posted to my account.

Almost immediately my phone filled up with messages from all sorts of people letting me know my account had been hacked. A few of them offered to escalate to Twitter/X. I encouraged all of them to do that. In particular, Sriram Krishnan came to the rescue. Not only did he escalate to the right people at Twitter/X, but he also helped me in the following days to get control of my account back. I am extremely grateful for all that he did for me this week.

I am not clear what kind of scam was run on claim-fred dot com. It could have simply been a way to get minting fees. But I fear it was a more sophisticated attack aimed at sweeping wallets of funds and NFTs. I feel terrible about that. It would not have happened but for my mistakes.

I'd also love any suggestions for getting claim-fred dot com taken down. Coinbase Wallet has a warning on it already which is great. But I'd like to see it come down entirely if there is a way to make that happen.

I am frequently targeted with hacks. There have been three now that I have written about on AVC. Two of them have come in the last few months. I understand I am a target. I also understand that I have a responsibility to exercise great caution because of that. I failed to do that this week and I am very sorry about that.