This week: Visa is claiming that digital currency is in their DNA and Steve Wozniak is fed up with YouTube scams. Plus, Twitter got hacked hard last week – what do we know over a week later? More info @ Talk.Bitcoin.Tax


Show Notes:

(00:13) On Wednesday, Visa released a blog post entitled “Advancing our approach to digital currency”. In short, this blog post is meant to alert consumers of Visa’s “digital currency strategy”, and their dedication to embracing cryptocurrency. Overall, a good thing for adoption.

Diving a bit deeper into the blog post, Visa mentions their existing partnerships with “regulated digital currency platforms like Coinbase and Fold” and “more than 25 digital currency wallets”. They highlight their history of blockchain technology research, and state that their current research goal is to develop “new mechanisms to improve scalability and enable offline digital currency transactions”. For reference, Visa’s research team consists of an impressive number of Ph.D scientists and researchers, with focuses ranging from cryptography, machine learning, quantum computing, blockchain technology, and a number of other tech-related concentrations; this well-versed research team certainly illustrates that Visa is serious about crypto and blockchain.

The blog post also touts Visa’s involvement in shaping cryptocurrency related policy, citing their collaborative work with the World Economic Forum where they were involved in creating policy recommendations for a Central Bank Digital Currency.

Finally, Visa states the key values that will guide their digital currency strategy: protecting consumer data and privacy while adhering to all applicable laws, remaining currency and network agnostic by supporting the digital currencies and blockchain networks that their partners and customers want, and utilizing their existing expertise and capabilities to shape and enhance their continued foray into crypto and blockchain technology.

The blog post shows that Visa is serious about cryptocurrency and blockchain technology, a sentiment that is more and more commonly shared by well-known names in the finance space. It certainly wouldn’t be surprising to hear about some additional Visa partnerships with high-profile cryptocurrency companies in the near-future.

(02:21) Next up – YouTube scams are really annoying Apple co-founder Steve Wozniak (and everyone else). So much so that he is reportedly suing YouTube! If you’ve spent any time on YouTube, you’ve probably seen some sort of video that is trying to scam you out of your money – whether you’ve realized it or not. The lawsuit that Steve Wozniak filed on Tuesday relates to “images and videos of Plaintiff STEVE WOZNIAK, and other famous tech entrepreneurs”… “that have defrauded YOUTUBE users out of millions of dollars”… “[using] images and video of STEVE WOZNIAK to convince YOUTUBE users that he is hosting a live “BTC” or “BITCOIN GIVEAWAY” event and that, for a limited time, any user who sends in their bitcoin will receive twice as much back.”

At this point, these types of scams are commonplace – they’ve been around for a long time, and take place on various social media platforms. We’ll be talking about the big Twitter attack that occurred last week, which utilized a similar type of scam. The lawsuit actually mentions that attack, stating that “Twitter acted swiftly and decisively to shut down these accounts and to protect its users from the scam”. According to the lawsuit, YouTube not only refused to remove the scam videos, they also promoted them AND profited off them via paid advertising. Again drawing comparison to the recent Twitter attack, the lawsuit says that the YouTube scams have generated millions of dollars in stolen crypto, whereas the unprecedented Twitter hack only yielded around $120,000 worth of crypto income for the attackers.

As we discussed on our April 24th episode, Ripple Labs and their CEO Brad Garlinghouse filed a similar lawsuit against YouTube. With all the heat YouTube is receiving, it seems to me that it would be incredibly likely for them to take some sort of eventual action to address these types of scams on their platform.

(04:04) On the topic of crypto scams, let’s briefly discuss the aforementioned unprecedented Twitter hack that occurred on July 15th, 2020. If you haven’t heard what happened, the TLDR of it is that a hacker (or group of hackers) apparently utilized social engineering to gain access to a Twitter employee’s administrator account, giving them unfettered access to seemingly every Twitter account. The accounts that were outwardly targeted belonged to high-profile verified twitter users, ranging from tech gurus like Elon Musk and Bill Gates, performers like Kanye West, and even former President Barrack Obama. On the crypto side of things, major cryptocurrency-related profiles were also targeted, like Coinbase and Binance.

These accounts all posted the same, or similar messages, instructing their followers to send some crypto (primarily BTC) to a wallet address – claiming that, in return, the sender would receive a significantly larger amount of crypto back. Again, this is a classic scam that has been around quite a while – but it’s power and believably is directly connected to the platform it’s being propagated on. In other words, to someone without knowledge of this scam, they might see a tweet from the official account of Elon Musk and believe that he will send them a bunch of Bitcoin as long as they send a bit first.

The hack lasted a decent number of hours, with Twitter actively deleting the messages and temporarily suspending all verified accounts. Over a week after the attack occurred, what do we know? Well, Twitter themselves said “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” Social engineering, briefly, is the act of “hacking” an individual for information to access a protected system, as opposed to hacking the system itself. Reuters reports that earlier this year, more than 1,000 Twitter employees and contractors had access to a sort-of “god-mode” administrative panel, meaning any one of those individuals could have been the unlucky victim of the social engineering attack.

Twitter has recently divulged that 130 accounts were targeted, 45 accounts sent out tweets, 36 accounts had their DMs accessed (including a politician in the Netherlands), and 8 non-verified accounts had their account data fully exported. KrebsOnSecurity released a detailed report that points to a lone hacker that is well-known in SIM Swapping circles as the culprit. Of course, as the hack affected billionaires and politicians, the FBI has launched their own investigation.

So, 9 days after the attack we know that it was due to social engineering and we know that the attackers gained around $120,000 in crypto, a fairly low amount of money for the unprecedented amount of access the hacker or hackers apparently had. We also know that the attackers actively accessed direct messages and other Twitter data from some of the accounts. We have some well-placed theories about who the hacker is, but no definitive proof as of now. We also don’t know a motive – some camps believe the goal was to make some money but that the hacker hadn’t adequately planned that out, resulting in a paltry sum compared to what could have been made, utilizing the hack for various other nefarious schemes. Others believe this was an attack that was meant to gain information from protected accounts, while others think the attack was meant to sent a message. Only time, and some hearty investigations, will yield concrete answers. Once those answers are found, we’ll be sure to report on them!