Both the British Army’s YouTube and Twitter accounts were hacked and used to promote cryptocurrency scams, the UK Ministry of Defence confirmed on Sunday. It’s unclear when exactly hackers took over the two accounts, but they both appear to be back to normal now.
“We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway,” the Ministry of Defence Press Office said on Twitter. “The Army takes information security extremely seriously and is resolving the issue.”
Hackers hijacked the British Army’s Twitter page, swapping out the organization’s profile picture, bio, and cover photo to make it seem like it was associated with The Possessed NFT collection. The account sent out various retweets for NFT giveaways, and its pinned tweet linked users to a fake NFT minting website.
Bad actors also stripped the British Army’s YouTube channel, deleting all its videos, as well as changing its name and profile picture to resemble the legit investment firm Ark Invest. Hackers replaced the British Army’s videos with a series of old live streams featuring former Twitter CEO Jack Dorsey and Tesla CEO Elon Musk. These live streams were previously aired as part of The B Word conference held by Ark Invest last June, but hackers added an overlay that encouraged users to participate in a crypto scam. The channel aired four live streams at once, with some of them racking up thousands of viewers.
As Web3 Is Going Just Great blogger Molly White points out, the scammers who took over the British Army’s accounts carried out their scheme with some of the same tactics used in the recent past. In March, hackers took over the Twitter account belonging to MKLeo, one of the world’s top Super Smash Bros. Ultimate players, and used it to peddle phony NFTs made to look like they were associated with The Possessed. Just two months after that incident, scammers managed to steal $1.3 million using the same Ark Invest live streams that were repurposed for this hack.
Twitter spokesperson Rocio Vives told The Verge that the British Army’s account Twitter “has since been locked and secured,” and that “account holders have now regained access and the account is back up and running.” Google didn’t immediately respond to The Verge’s request for comment.
Correction July 4th, 10:12 PM ET: A previous version of the article mistakenly stated the British Army’s Facebook account was hacked when it was actually its YouTube account that was hacked. We regret the error.