Sri Lankan Airlines Twitter hacked over crypto scam

The official Twitter account of Sri Lankan Airlines has been hijacked in what appears to be the latest round of crypto scams running rampant on social media. Though crypto scams have been around for some time, these types of attacks have been occurring at an increasing frequency over the past couple of years. The latest iteration of these crypto scams seems to revolve around the recent Ethereum merge to a proof of stake (more on that later).

Hacked: Sri Lankan Airlines goes crypto

Sri Lankan Airlines is yet to respond following the attack and at the time of writing, the account remains to be compromised. Right now, it’s unclear how attackers may have gotten through to the airlines’ verified Twitter account. Though possible reasons could vary from unsecured remote logged-in devices to phishing attacks. In any case, there’s little indication that the attackers have gotten far, at least in terms of the actual scamming of it all.

Typically, once an account of this nature gets hijacked its profile gets bombarded with crypto-related tweets followed by some type of supposed crypto giveaway. The approach has reaped benefits for scammers in the past where in one instance, attackers were able to siphon USD 10,000 within two hours via a hijacked YouTube account. Though it may seem obvious even to the typical viewer, it’s far trickier to spot a compromised account on platforms like Twitter. Particularly when there’s a verified tick next to the said profile.

The issue has been a prevalent one on Twitter in particular and the company is very much aware of the situation. Back in 2018, scammers impersonated public figures like Elon Musk, John McAffee, or even Ethereum co-founder Vitalik Buterin. At the time, Twitter stated that its “aware of this form of manipulation and is proactively implementing a number of signals to prevent these types of accounts from engaging with others in a deceptive manner.” Almost four years later, the problem only seems to be getting bigger.

So far, verified accounts like @cityarabia, @gofirstairways, and @imagekhabar have fallen victim to these crypto scam hacks. In this case, it was Vitalik who was supposedly doing an ETH giveaway. These scams popped up noticeably amid Ethereum’s recent shift to proof-of-stake and even continued on well after the merge.

Wait, what’s this Ethereum merge?

For those wondering what the Ethereum merge story is all about, here’s an explainer. Prior to the merge, Ethereum ran on proof-of-work, one of the consensus mechanisms that the blockchain operates on. Consensus mechanisms are a means of ensuring users’ honesty around transactions, or in other words, preventing bad actors from cheating (e.g.- double spending).

With proof-of-work, cryptocurrency transactions are verified via mining. This involves using high computing power to solve cryptographic puzzles for what is known as block rewards, units of cryptocurrency awarded in turn for this type of work done on a blockchain. One of the biggest problems with this method is that it’s a highly competitive space and one that consumes a lot of energy. Furthermore, increased interest in crypto mining alone has caused massive global supply chain issues around GPUs.

Proof-of-stake on the other hand involves randomly chosen validators to ensure the reliability of a crypto transaction (consensus mechanism remember). In return, these validators get rewarded with crypto.

For a long time, like Bitcoin and Doge, Ethereum operated on a proof-of-work model. The merge represented its move to a proof-of-stake mechanism. Being the second largest cryptocurrency in the world, the shift was significant for the industry and one that was bound to garner a lot of attention. Some of this attention has come in the form of an ambitious surge of crypto scam hacks, notably on platforms like Twitter. Unfortunately, Sri Lankan Airlines is only one of several targeted by these recent rounds of hacks.

Not the first Sri Lankan entity

Interestingly, Sri Lankan Airlines isn’t the first local entity to fall victim to a crypto scam hack. Back in 2021, Derana’s YouTube channel was compromised in a similar attempt. The channel was hacked by exploiting a vulnerability in one of the remote access software to gain entry into a pre-logged PC. Even Sirasa’s YouTube channels were also hacked in the same year. Though they were reportedly recovered within three hours.

As more eyeballs continue to fixate on the world of cryptocurrency, so will the attempts at these types of hacks. Last year, a Lankan media company’s verified YouTube channel with over three million subscribers was easily taken over by scammers. Now, a verified Twitter account with almost 118,000 followers belonging to Sri Lanka’s national airline carrier was hijacked in another round of crypto scams. It’s a worrying trend, one that requires more attention even at a local level. After all, Sri Lanka does have its own national crypto committee.

But this is only part of the problem, at least where Sri Lanka is concerned. Time and time again, the country’s lackluster approach to cybersecurity has often come at a cost. Incidents such as the LK Domain Registry hack, April’s government website takedowns, and PayHere’s 1.5 million records data breach, point to a more growing need to focus on cybersecurity across the board. If let unattended, a hacked verified Twitter account of a national entity may be the least of Sri Lanka’s worries.