What To Do If Your Twitter Gets Hacked

Jan 1st, 2023 - 10:28 am

We've seen some high-profile hacks against social media accounts over the last year. Although Discord has been the primary target, averaging almost one hack every other day in some cases, we've also seen the BAYC Instagram get hacked, and most recently the Mutant Hounds Twitter was compromised. We've gone over prevention methods in some of our earlier articles, but today we're going to cover damage control: what to do once you suspect, or know, that you have been hacked.

Revoke Permissions & Logout Others!

If you still have access to the account, your Twitter may have been compromised through a connected app, or through the Twitter account of one of your TweetDeck team members.

  1. While logged in, visit Apps in your settings. Revoke access for any third-party application that you don't recognize.
  2. If your team uses TweetDeck, click Your account → Manage Team → click a team member → Change Role → Remove from team.
  3. For good measure, kill any other active sessions by going to your main page and selecting “More…” → Settings and Privacy → Apps and Sessions → “Log out of all other sessions”.

If you don't have access to the account anymore, simply skip this step.

Change Your Password(s)

Often an account is compromised through either your computer or weak or leaked passwords on your other accounts. For example, if your secondary e-mail account reuses the password from, say, an old Yahoo account you used back in the day, it could easily be compromised.

A typical attack chain is to compromise a secondary account that is listed as recovery for the primary e-mail connected to your Twitter account, then take over the primary e-mail and the Twitter account, changing passwords along the way. It is critical that you harden passwords and enable 2FA on all listed backup accounts as well!

  1. If you are still logged in → Settings and Support → Settings and Privacy → Your account → Change Password.
  2. If you are UNABLE to log in → go to Login → click on Forgot Password.

For good measure, change the password on your e-mail account as well, and check whether your e-mail account has a secondary e-mail attached to it; if so, change that password too. It is advised that you add a non-SMS source of two-factor authentication (2FA) to avoid SIM swap attacks, which are common against companies and high-net-worth individuals.

🛈 For instructions on how to change your Google account password and add a second factor, check the in-line links! 🛈

Secure Your Factors

SIM swaps are a miserable and violating way in which hundreds of prominent Twitter users, including nounsDAO and BAYC holders like Machibigbrother and JRNY, have been hacked. A SIM swap occurs when your phone company is socially engineered into moving your number to a SIM card owned by the scammer, who then uses it to log in to your accounts. So how can you secure your factors? Here is an article from Twitter on how to add or change your 2FA settings.

Are you using NO 2FA ANYWHERE?

  1. At a minimum, use Authy or Google Authenticator as 2FA to secure your Twitter account. Enable this immediately once you have regained access to your Twitter account, and add it to your e-mail, secondary e-mails, and any crypto exchange you use while you're at it!

Are you using SMS based 2FA?

  1. Ensure that your phone is disconnected from Wi-Fi and is able to make a non-emergency call.
    1. If you have no service, you have been SIM swapped; call your wireless provider immediately.
    2. If you have service, you're likely fine, but consider upgrading to Authy/Google Authenticator or, even better, a YubiKey or other U2F device. Alternatively, you can use your Ledger hardware wallet as 2FA on many services (though Twitter does not currently support it).

Are you using Google Auth/Authy app authenticator?

It is highly unlikely that these methods of authentication have been compromised. The most common way they are compromised is through backup codes or one-time login codes stored in e-mail, in plain text on your computer, or in a password manager. If you believe you have done this, remove 2FA and regenerate a new code for that service.

Are you using a Yubikey or U2F?

You're awesome. For most services you can enroll several of these hardware devices. Make sure that everyone else who has a key enrolled on this account still has possession of it! If so, you're good!

Alert Your Community

Hacks in this space are costly. Every second they persist, thousands, sometimes millions, of dollars of liquidity are at risk of being scammed and leaving the ecosystem forever, enriching the scammers and destroying communities. Although action plans vary from team to team, it is important that you try your best to regain control of the account and lock it down from further exploitation. This part is about damage control: the less that gets stolen, the easier it is to recover with grace from these hacks.

Alert your community with EVERY communication means you have on file. This means:

  1. Discord/Telegram Alerts: This is critical. Web3 is currently over-reliant on Discord, which has poorly designed security. However, this is about REACHING YOUR COMMUNITY. @everyone and make it punchy!
  2. Engage Your Community Managers: Try to reach out to your largest holders or most prominent community members (if it's pre-mint) on Twitter/Discord and warn them of the hack.
  3. Stop people from engaging with the tweets! For every single person who likes a tweet (or comments, if comments are still enabled, which they likely will not be), have your community managers message them, @ them, and warn them of the scam. This was effective during the Mutant Cartel incident.
  4. Ever do a Premint or collect e-mails for merch or anything else? You might have some e-mail addresses that users wouldn't mind being repurposed to protect them in an emergency. E-mail them ASAP!

Alert Boring Security

Boring Security is here to help you. We also have a wide reach of community managers and security professionals, as well as Twitter reps and domain registrars. We can assist you in your incident response and walk you through these steps in more nuanced detail as it's happening, if needed. We are a free community public good. Don't hesitate to reach out!

Some of the things we might do with you, or that you can do yourself in case we aren't around to help:

  1. Open a Twitter Support Ticket and help you escalate it with our contacts.
  2. Often, if your Twitter is compromised, we can reach out to the domain registrars for you. If the hacker is posting scam links from your Twitter account, you can check the WHOIS information on the domain and report it to the registrar for fraud. Here are some common registrars used by fraudsters, and their support channels:
    1. Namecheap (File an Abuse Report) - they are also responsive on Twitter.
    2. Epik (File an Abuse Report) - Call as well! +1 (800) 410-0728
    3. Porkbun (File an Abuse Report) - E-mail is much faster: abuse@porkbun.com
    4. RegRU (File an Abuse Report) - E-mail is also recommended: response@cert-gib.ru
    5. Public Domain Registry - E-mail: abuse-contact@publicdomainregistry.com, phone: +1-2013775952
    6. Tucows (File an Abuse Report) Toll-free: 1-800-371-6992
  3. Scam sites often rely on other services which, if removed, render the site useless or severely hinder its ability to scam, including:
    1. Cloudflare: https://abuse.cloudflare.com/
    2. Netlify: Scam sites are often deployed with this tool. You can e-mail fraud@netlify.com just in case.
    3. MetaMask: MetaMask has a phishing-detection tool. To get the site reported, submit a request on GitHub, then open a ticket with MetaMask support and ask for it to be escalated (select Other/Other/Other in the prompts). This prevents users from navigating to the website in a browser with MetaMask installed.
    4. Cryptoscamdb: Report it to https://cryptoscamdb.org/, which disseminates to many wallet extensions and antivirus/active web monitoring tools.
  4. We can help you go through your security settings in things like Google, Slack, Discord, Twitter, etc. to help you identify where the break-in likely occurred. But turning on 2FA everywhere is a good start!
  5. Reach out to mods in other communities to alert their communities. We have a community mod chat that includes 20+ major NFT communities. Additionally, our #Scam-alerts go out to dozens of prominent discords in the space. Getting your community's ongoing compromise in our alerting pipeline could save people!
  6. We reach out to wallet extensions like Wallet Guard, Pocket Universe, and others to ensure the scam sites and contracts end up on their naughty list, keeping folks with those extensions safe!
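Step 2 above (check the WHOIS record, find the registrar, file the fraud report) and step 3 (spot infrastructure such as Cloudflare that also takes abuse reports) can be turned into a small triage script. The following is an added example, not Boring Security's own tooling; the WHOIS text it parses is constructed to mimic the standard registrar WHOIS field layout rather than copied from any real domain, and the function names are our own.

```python
import re
from typing import Dict, List, Optional

# Constructed sample WHOIS output (not a real registration). The field
# names follow the standard registrar WHOIS layout; the values are invented.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-MINT-CLAIM.COM
Registrar: Example Registrar, LLC
Registrar Abuse Contact Email: abuse@registrar.example
Registrar Abuse Contact Phone: +1.5555550100
Creation Date: 2023-01-01T03:14:07Z
Name Server: ALICE.NS.CLOUDFLARE.COM
Name Server: BOB.NS.CLOUDFLARE.COM
>>> Last update of whois database: 2023-01-01T10:00:00Z <<<
"""

# Matches "Key: value" lines. Keys are letters and spaces only, so colons
# inside URLs or timestamps in the value are not treated as separators.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(.+?)\s*$")


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Collect every key/value line into a lowercase-key -> values map.
    Repeated keys (e.g. several Name Server lines) keep all their values."""
    fields: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), []).append(m.group(2))
    return fields


def abuse_report_targets(text: str) -> Dict[str, object]:
    """Pull out who to send the fraud report to (registrar abuse desk) and
    whether the site also sits behind Cloudflare, which takes its own reports."""
    fields = parse_whois(text)

    def first(key: str) -> Optional[str]:
        values = fields.get(key)
        return values[0] if values else None

    nameservers = [ns.lower() for ns in fields.get("name server", [])]
    return {
        "domain": first("domain name"),
        "registrar": first("registrar"),
        "abuse_email": first("registrar abuse contact email"),
        "abuse_phone": first("registrar abuse contact phone"),
        "created": first("creation date"),
        "nameservers": nameservers,
        "behind_cloudflare": any(ns.endswith(".ns.cloudflare.com") for ns in nameservers),
    }
```

Feed it the output of a `whois` lookup for the scam domain; the returned abuse e-mail and phone are where the registrar report goes, and `behind_cloudflare` tells you whether a second report to Cloudflare is also worthwhile.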

There you have it. Getting your Twitter compromised is a stressful ordeal, but being better prepared on how to act, and of course how to prevent it, can make the difference between your project holders losing millions of dollars and you mitigating the damage in a systematic way. Have questions, or want to learn more about web3 security and stay up to date on the most current security information, scams, and tactics? Join us in our Discord at https://discord.gg/boringsecurity.