The British army is investigating an apparent hack after its official Twitter and YouTube accounts were compromised on Sunday. News of the breach was first reported by Web3 is Going Great. According to the blog, both accounts were simultaneously compromised to promote two different cryptocurrency scams.
Although it has since been scrubbed, the army’s verified Twitter account was briefly changed to look like a page for The Possessed, a project involving a collection of 10,000 animated NFTs with a price floor of 0.58 Ethereum (approximately $1,063). During that time, the account tweeted out multiple links to a fake minting website. It’s possible the hack is part of a broader campaign to leverage the recent popularity of The Possessed. On Saturday, the project’s official Twitter account warned its followers of another verified account that was similarly hacked to promote a NFT scam using The Possessed brand.
Over on YouTube, the army’s channel has been made to look like a page for Ark Invest. As of the writing of this article, the channel is livestreaming videos that repurpose old footage of Elon Musk, Jack Dorsey and Ark CEO Katie Wood discussing cryptocurrency. The clips feature an overlay promoting “double your money” Bitcoin and Ethereum scams. According to Web3 is Going Great, a similar scheme netted scammers $1.3 million this past May. It’s unclear who is behind the attacks.
“We are aware of a breach of the army’s Twitter and YouTube accounts and an investigation is underway,” an army spokesperson told The Guardian. “We take information security extremely seriously and are resolving the issue. Until the investigation is complete it would be inappropriate to comment further.”
While 2022 has seen its share of crypto hacks, few have targeted government organizations like the British army. To date, most have involved groups like Yuga Labs, the creator of the popular Bored Ape Yacht Club NFT collection. In April, the project’s official Instagram account was compromised in a $2.4 million phishing scam. BAYC’s Discord community has also fallen to two separate phishing attacks in 2022.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.