The Information Highway

The Information Highway

Font size: +
2 minutes reading time (439 words)

Bloomberg Crypto X account snafu leads to Discord phishing attack

The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack.  

As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members.

According to ZachXBT, Bloomberg previously maintained an older Telegram channel under the username @BloombergNewsCrypto, a detail shared on X/Twitter in August 2023.

In October 2023, they updated the Telegram username to @BloombergCrypto. However, a scammer seized the old Telegram username during this transition. Exploiting the fact that Bloomberg's previous Telegram link remained active, the scammer used it today as part of a phishing scheme.

"If you are interested, please head over to, our official and only discord server for more information on how to start an application: https://discord[.]gg/bloomberg," a message on the Telegram channel now reads.

"Join the Bloomberg Crypto Discord Server! Check out the Bloomberg Crypto community on Discord - hang out with 33975 other members and enjoy free voice and text chat." 

Hijacked Bloomberg Crypto account (BleepingComputer)

Upon entering the Discord server, a bot prompts visitors to use AltDentifier, an authentic Discord Verification Bot.

Rather than linking to the legitimate https://altdentifier.com/ address, it presents a link to a deceptive page using an altered domain (altdentifiers[.]com) with an extra 's' at the end of the original domain name.

The "Bloomberg Crypto staff team" gives visitors 30 minutes to go to this site and complete the verification process.

After clicking the link to 'verify' their account, the potential victims are prompted by the AltDentifiers phishing website to verify with Discord, aiming to steal their Discord login credentials.

"The server administrators have implemented additional security measures on this server, which include the requirement for all accounts to verify their Discord account," the phishing site says.

"Once your account is successfully verified, you will be able to freely participate in the server. Please note that administrators have the authority to override the system if necessary." 

AltIdentifiers phishing website (BleepingComputer)

The malicious link was removed from the Bloomberg Crypto X/Twitter account 30 minutes after ZachXBT's initial tweet.

As many crypto communities reside on Discord, threat actors commonly attempt to steal credentials for accounts that frequent such servers.

These hijacked accounts can then be used to promote cryptocurrency scams designed to steal users' cryptocurrency assets while appearing to be from a legitimate source.

Google shares plans for blocking third-party cooki...
CISA warns of actively exploited Windows, Sophos, ...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023