Post-Mortem Report: Sim-Swap Attack

We’re back in control of the Jackal Protocol Twitter.

Summary

A SIM-swap attack occurred on November 14th, 2023, affecting two significant business accounts associated with the Jackal Protocol: @jackal_protocol (the official account) and @osintdunny (the @Jackal_Labs CEO’s account).

The incident led to unauthorized access and control over these accounts, causing damage and potential financial risks to the Jackal Protocol community.

Incident Overview

Date of Incident: November 14th, 2023

Affected Accounts: @jackal_protocol and @osintdunny

Nature of Attack: SIM-swap

Initial Discovery: Unusual activity was observed on both accounts, and the @Jackal_Labs CEO’s phone lost service.

Duration of Attack: From November 14th @ 6:00 PM EST ~ until November 27th @ 1:06 PM EST.

Attack Details

  • The attacker executed a SIM-swap attack, transferring control of the 2FA phone number associated with both accounts to a device they controlled.

  • Post-swap, the attacker accessed the accounts, changed the passwords, and enrolled their own 2FA, which prevented us from fully recovering the accounts even after the phone number was reclaimed.

  • They misused the “delegate” feature, posting malicious content and deleting the warnings we posted.

Response and Recovery

Initial Response: Detected the unusual activity, contacted the phone carrier to recover the phone number, and reset the passwords for the two accounts.

Recovery Actions:

  • Recovered the phone number and email, and reset the passwords for both accounts.

  • Attempted to alert our community via our X API session about the breach.

  • Contacted X support for urgent assistance in resetting the attacker’s 2FA and delegation settings.

Resolution

The @Jackal_Labs team negotiated with the hacker, which resulted in the recovery of both @Jackal_Protocol and @OSINTDunny accounts for no cost.

Impact Assessment

Financial Risk: Potential loss due to malicious links posted by the attacker.

Operational Disruption: Limited access to key communication channels for a period.

Lessons Learned

Multi-Factor Authentication: The need for a robust, multi-layered approach to authentication.

Remove SMS Authentication: It is not enough to simply add code-generator (authenticator app) authentication; on the X social network, SMS-based authentication remains active until it is manually removed, so the phone number stays a valid login factor.

Collaboration with Service Providers: Direct lines of communication with service providers are necessary for swift action in emergencies. X’s @Support never responded to our request for urgent action to reset the accounts’ 2FA settings.

Communicate with Hacker: Negotiation was a critical tool for success in account recovery. Using active listening, empathy, and calibrated questions, the accounts were successfully recovered.

Next Steps

  • Implement diversified multi-factor authentication methods for all critical accounts.

  • Remove SMS authentication for all Jackal Protocol-associated accounts.

  • Conduct regular security audits.

  • Establish a direct emergency contact protocol with service providers for high-priority issues.

Conclusion

This incident underscores the importance of robust cybersecurity measures in the digital landscape. It is the foundation for why we built the Jackal Protocol in the first place. No one is safe, and this serves as a reminder to continuously evolve our security practices in line with emerging threats to protect our assets, reputation, and the trust of our community.

We will be refunding all parties affected by the exploit. Please fill out the form below for follow-up.
