Bloomberg Crypto X account mishap results in Discord phishing attack

Earlier today, the official Bloomberg Crypto Twitter account was hijacked to lead users to a fraudulent website designed to phish Discord credentials. Crypto fraud investigator ZachXBT first noticed the unusual activity when the Twitter profile linked to a Telegram channel with 14,000 subscribers, which then directed users to a bogus Bloomberg Discord server boasting 33,968 members.

ZachXBT highlighted that Bloomberg previously operated an older Telegram channel under the handle @BloombergNewsCrypto, a detail they shared on Twitter in August 2023. In a switch made in October 2023, Bloomberg changed this handle to @BloombergCrypto. During this transition, a scammer opportunistically grabbed the former username.

Leveraging Bloomberg's still-active link to the old Telegram channel, the scammer orchestrated today's phishing attack. A message on the fraudulent Telegram channel now reads, “If you are interested, please head over to our official and only discord server for more information on how to start an application: https://discord[.]gg/bloomberg.” This message falsely represents the scammer’s Discord server as Bloomberg Crypto's official community platform.

In the fraudulent Bloomberg Crypto Discord server, visitors are met with a bot that falsely claims to be AltDentifier, a legitimate Discord Verification Bot. However, the bot cunningly directs them to a deceptive website that mimics the authentic AltDentifier site. The fake site's URL (altdentifiers[.]com) is a subtle manipulation of the real one, adding an extra 's' to mislead unsuspecting users.

Upon entering the server, the so-called "Bloomberg Crypto staff team" instructs new members to complete a verification process within 30 minutes by visiting this falsified site.

Once visitors click the link to 'verify' their Discord account, they land on the phishing site disguised as AltDentifiers. This site then prompts them to authenticate with Discord, but in reality, it is a trap designed to steal their Discord login credentials.

The phishing page attempts to assure visitors of its legitimacy, stating, "The server administrators have implemented additional security measures on this server, which include the requirement for all accounts to verify their Discord account. Once your account is successfully verified, you will be able to freely participate in the server. Please note that administrators have the authority to override the system if necessary." This statement is part of the ruse to convince users of the site's authenticity and the importance of completing the verification process.

The harmful link was swiftly deleted from the Bloomberg Crypto X/Twitter profile, just half an hour following ZachXBT's initial exposure of the issue on Twitter.

Given that numerous cryptocurrency communities are active on Discord, cybercriminals often target this platform to pilfer user credentials. They primarily aim to compromise accounts associated with these crypto servers.

Once these accounts are under their control, the attackers can leverage them to orchestrate cryptocurrency scams. By doing so, they can defraud users by appearing as credible sources and trick them into parting with their cryptocurrency assets.

When BleepingComputer reached out to Bloomberg for a statement earlier today, a response from their spokesperson was not immediately available.