NYDFS Seeking Answer from Crypto Firms after Twitter Hack

6

Back in July, there was a high-profile Twitter attack in which some hackers managed to gain access to accounts of some prominent individuals and the cryptocurrency industry is still trying to come to terms with it. The New York state government is one those who are seeking answers, as a report on the incident was published by its financial regulator. Earlier this week, the report was published by the New York Department of Financial Services (NYDFS), which described the impact of the hack and how it had made the need for better security protocols in the crypto space rather obvious.

It was asserted by the financial regulator that the incident highlighted that even Twitter, a publicly traded tech-giant, needs to improve its security. Since Twitter seems to have an ever-expanding technological and political influence, it should implement stronger security measures. Two main sections of the report were focused on how the hack had impacted crypto firms operating in New York and how these companies had kept their clients safe from hackers. The financial regulator also asked companies to provide suggestions on how to prevent any attacks in the future. The NYDFS justified the inquiry by explaining that in the attack’s third phase, hackers had targeted companies operating within its jurisdiction.

Hence, it said that it had every right to know how these exchanges had responded. According to the report, hackers had gained access to accounts on the Gemini Exchange and Coinbase, along with payment processor Square. Nonetheless, these three companies had quickly blocked the Bitcoin addresses used by the hackers once they posted them on the social network. The NYDFS was more specific and said that it had taken 20 minutes for the addresses to be blocked, once they were posted by the hackers. 5,670 transfers were blocked by Coinbase, which saved its clients about $1.29 million.

Two transfers valued at $18,000 were blocked by Gemini whereas 358 transfers were blocked by Square that were worth $51,000. There were a total of 22 companies that had relations to the addresses of the hackers out of which 15 blocked them and seven didn’t. This was because these companies had different business models and didn’t directly handle transfer and custody services. Thus, they were unable to take any action. As far as recommendations by companies are concerned, they included better social media monitoring as this could provide quicker alerts if this happens again, stronger passwords, basic security protocols and also multi-factor authentication for any transfers.

They also said that employees should be given limited access to social media accounts. As for Twitter, they have already taken a number of measures for preventing a reoccurrence. An update was published by the social media giant after the hack in which it said that hackers had targeted its employees with social engineering tricks. It disclosed that a spear-phishing attack had also been used where a small group of employees was targeted to gain access. The information was then used for targeting employees who could access the support tools of accounts.