SlowMist: Security Guide for Securing X Accounts

SlowMist
6 min read · Jul 31, 2024

Background Overview

Recently, there have been frequent incidents in which X accounts belonging to Web3 project owners or celebrities were hacked and used to send phishing tweets. Hackers use various methods to steal user accounts; common tactics include:

1. Tricking users into clicking on fake Calendly/Kakao meeting links to steal account authorization or control their devices.

2. Sending direct messages to lure users into downloading Trojan-infected programs (disguised as games, meeting apps, etc.), which can steal private keys/mnemonics and X account permissions.

3. Using SIM Swap attacks to steal X account permissions that rely on phone numbers.

The SlowMist Security Team has helped resolve several similar incidents. For example, on July 20, the X account of the TinTinLand project was hacked, and the attacker pinned a tweet containing a phishing link. With the assistance of the SlowMist Security Team, TinTinLand promptly resolved the account theft issue and conducted authorization reviews and security enhancements for the X account.

Such incidents are frequent, yet many users are unaware of how to enhance the security of their X accounts. The SlowMist Security Team will explain how to conduct authorization checks and security settings for X accounts. Here are the specific steps:

Authorization Check

We use the web version as an example. After opening the x.com page, click on the “More” sidebar and find the “Settings and privacy” option, which is mainly used for setting account security and privacy.

After entering the “Settings” section, select “Security and account access” to set the security and access permissions for the account.

Review Authorized Applications

Many phishing methods involve tricking users into clicking on application authorization links, which can result in granting tweet posting permissions to the X account, leading to the account being used for phishing.

Check method: Select the “Apps and sessions” section to see which applications the account has authorized. In the demonstration, the account has authorized three applications.

After selecting a specific application, you can see the corresponding permissions. Users can remove permissions through the “Revoke app permissions” option.

Review Delegation Status

Check method: Settings → Security and account access → Delegate

If you find that the account allows invitation management, you need to enter “Members you’ve delegated” to see which accounts the current account is shared with. If sharing is no longer needed, delegation should be canceled immediately.

Review Abnormal Login Logs

If users suspect that their account has been maliciously accessed, they can check the login logs to see abnormal login devices, dates, and locations.

Check method: Settings → Security and account access → Apps and sessions → Account access history

Entering Account access history allows you to view the device model, login date, IP, and region of each login. If abnormal login information is found, the account may have been compromised.
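The review described above can be scripted once the entries are copied out of Account access history. The following is an added example, not SlowMist's code; the record layout, date format, device names and the two-hour threshold are assumptions, and the sample rows are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample rows, transcribed by hand from "Account access history".
# Field names mirror what the page says is shown: device, date, IP, region.
ACCESS_HISTORY = [
    {"device": "Chrome on Mac", "date": "2024-07-18 09:12", "ip": "198.51.100.10", "region": "Singapore"},
    {"device": "X for iPhone", "date": "2024-07-19 21:40", "ip": "198.51.100.10", "region": "Singapore"},
    {"device": "Firefox on Windows", "date": "2024-07-20 03:05", "ip": "203.0.113.77", "region": "Netherlands"},
    {"device": "Chrome on Mac", "date": "2024-07-20 03:30", "ip": "198.51.100.10", "region": "Singapore"},
]

# Baseline the account owner maintains (assumed values for this example).
KNOWN_DEVICES = {"Chrome on Mac", "X for iPhone"}
KNOWN_REGIONS = {"Singapore"}
MIN_TRAVEL_GAP = timedelta(hours=2)  # assumed threshold for a plausible region change
DATE_FORMAT = "%Y-%m-%d %H:%M"       # assumed format of the transcribed dates


def flag_abnormal_logins(history, known_devices, known_regions, min_gap=MIN_TRAVEL_GAP):
    """Return (date, ip, reasons) for every login that deviates from the baseline."""
    rows = sorted(history, key=lambda r: datetime.strptime(r["date"], DATE_FORMAT))
    findings = []
    prev = None  # (timestamp, row) of the previous login in time order
    for row in rows:
        when = datetime.strptime(row["date"], DATE_FORMAT)
        reasons = []
        if row["device"] not in known_devices:
            reasons.append("unknown device")
        if row["region"] not in known_regions:
            reasons.append("unknown region")
        # Two regions within a short window suggests two parties using the account.
        if prev and prev[1]["region"] != row["region"] and when - prev[0] < min_gap:
            reasons.append("region changed too quickly")
        if reasons:
            findings.append((row["date"], row["ip"], reasons))
        prev = (when, row)
    return findings


if __name__ == "__main__":
    for date, ip, reasons in flag_abnormal_logins(ACCESS_HISTORY, KNOWN_DEVICES, KNOWN_REGIONS):
        print(f"{date}  {ip}  {', '.join(reasons)}")
```

A known device can still be flagged, as the last sample row is, because it appears minutes after a login from another region; that overlap is the signal to log out the unfamiliar device.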

Review Login Devices

If a malicious login occurs after an X account is stolen, users can view the current login devices for the account and log out the suspicious device.

Check method: Select “Log out the device shown” to log the account out from a specific device.

Security Settings

2FA Verification

Users can enable 2FA verification to set up two-factor authentication, reducing the risk of account takeover if the password is leaked.

Configuration method: Settings → Security and account access → Security → Two-factor authentication

The available 2FA methods include SMS verification codes, authentication apps, and security keys. SMS codes rely on the phone number, so they remain exposed to the SIM Swap attacks described in the background overview.

Additional Password Protection

In addition to setting account passwords and 2FA, users can enable additional password protection to further enhance X account security.

Configuration method: Settings → Security and account access → Security → Additional password protection

Summary

Regularly checking authorized applications and login activities is key to ensuring account security. The SlowMist Security Team recommends that users regularly conduct authorization checks on their X accounts according to the steps outlined to strengthen account security and reduce the risk of hacker attacks. If you discover that your account has been compromised, immediately take action to change your account password, conduct authorization checks, revoke suspicious authorizations, and enhance security settings for your account.

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

We offer a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) solutions, Vulpush (Vulnerability monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall), Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we wish to help spread awareness and raise the security standards in the blockchain ecosystem.


SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.