Yat Siu $MOCA Launch From Twitter/X Account Compromise
Animoca Brands focuses on advancing Web3 technologies to build an open metaverse with a strong emphasis on digital property rights and ownership. Recently, co-founder Yat Siu’s X account was hacked to promote a fake $MOCA token. Animoca Brands warned the public about the scam and Yat Siu ultimately restored the account. Siu shared details of how the hacker bypassed 2FA security by exploiting a vulnerability in X’s account recovery process. Despite having strong security measures in place, the breach demonstrated the need for additional safeguards. Siu emphasized the importance of password hygiene and warned that 2FA alone is not enough to prevent account compromise. [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19]
About Animoca Brands
Animoca Brands focuses on driving digital property rights to build an open metaverse, with various products, research, and initiatives aimed at advancing Web3 technologies. Their vision includes the critical role of culture and ownership in the metaverse, highlighted in their essays on digital ownership and the network effects of the Mocaverse ecosystem. Recent announcements include the success of the Hong Kong-based Web3 game Anichess, and the launch of the EDU Chain mainnet by Open Campus. Animoca also continues to release coverage on blockchain gaming, stablecoins, and the influence of figures like Donald Trump in the crypto space.
About Yat Siu
Yat Siu, born in 1973 in Vienna, Austria, is a Hong Kong-based entrepreneur and angel investor, best known for co-founding Animoca Brands. He has a background in music and initially worked at Atari Germany before founding Cybercity, later renamed Freenation, Asia’s first free web page and email provider. Siu is also the CEO of Outblaze and has played a significant role in Animoca, which reached a valuation of $2.2 billion. He has sold part of his business to IBM and is a member of the BAFTA advisory board and the board of the Asian Youth Orchestra. In 2023, he was appointed to a Hong Kong government task force to promote Web3 development.
What Happened
| Date | Event | Description |
|---|---|---|
| December 25th, 2024 6:36:00 PM MST | Animoca Brands Tweet | "Animoca Brands tweeted that @ysiu social media account has been compromised. There is no official token or NFT launch from Animoca Brands. The token launch on Solana as claimed in a post was made by the hacker. Please do not engage with the account and stay vigilant." |
| December 25th, 2024 10:15:12 PM MST | CoinTelegraph Article Reporting | CoinTelegraph reports that Yat Siu, co-founder of Animoca Brands, was hacked on X to promote a fake Solana token, part of a string of recent crypto account breaches. The fake token, named Animoca Brands (MOCA), briefly spiked in value before crashing. Blockchain investigator ZachXBT linked the attack to a broader scam, where hackers have earned over $500,000 by using phishing tactics to take control of X accounts. This marks the latest in a series of similar hacks targeting crypto-related accounts. |
| December 26th, 2024 4:18:00 AM MST | Walk Through Of Twitter Breach | Yat Siu shares a walkthrough of the flow they believe the attacker took, which involved attempting to recover the account through a different email address. The original email address or phone number was not notified in the early stages of the attempt when they did their testing. |
| December 26th, 2024 7:46:00 PM MST | Yat Siu Account Is Restored | Yat Siu's account is reported to be restored in a Tweet announcement. |
Technical Details
"@elonmusk @Support everyone here relies deeply on keeping X as secure as possible & I had my account compromised despite having 2FA security installed what I thought were best practices. Here are my recommendations to prevent this which involves some suggestions for X."
"Hacker knew my password, don't know how but assume that breach vector should be secure as I was 2FA secured. He went to https://help.x.com/en/forms/account-access/regain-access/2fa-problem and used my original ID @ysiu and used an e-mail address that was not the registered e-mail address of the account!"
"I simulated this over two accounts and recreated this same scenario and received this on the new email which requires me to confirm logging in over your platform which sends a notification to you that the "owner" requested to login (note it does not verify any further)"
"Most importantly (and easy for X to fix) the actual email address that was registered (I tested this) and the actual owner of the handle received NO NOTIFICATION that there was a 2FA change request made, also no notification over SMS. This feature alone would have probably prevented this particular hack."
"Continuing on, it then asked me on the email (assume that this would be the fake user attempting to get my 2FA account) for more verification as it could not verify that I was the actual account owner the following as attached, including a copy of a valid government issued ID. If this was sent over they can review and process the report."
"All of this is happening while the actual e-mail account or mobile number which was also registered received no notification of any of these requests happening. Something like "did you request to submit a government issued ID?". Now all the hacker needed was a valid ID."
"Valid or even FAKE IDs are fairly easy to get but in my particular case I was phished for one similar to how https://x.com/zachxbt/status/1871543411695599902 describes it but I never input my 2FA instead I was requested to submit my ID to verify my appeal. I was unable to recreate the form as the site no longer creates it at but it was a form that included adding a valid Government ID just as X would request it."
"Once the hacker got my 2FA removed he instantly installed his own 2FA in a fast series of actions while also changing my password all within a minute as can be seen here while also delegating to another account @BrandyMokkdokk which you should seriously investigate as well although it's clearly just a dummy account."
"There were of course many things that I should have caught before, such as verifying the URL the lesson here is not to click on these links on a mobile as they get easily obfuscated or do it first thing in the morning or to not handle anything on Christmas Day/Boxing Day because these are prime days for fraud however these strategies are all intentional to try to catch you when you are least aware or perhaps more vulnerable (eg. after a big meal, or late night typically during an assumed celebration such as a holiday event like this one). The point however is that a simple e-mail that would tell you as an SMS and over e-mail that these requests are being attempted would have helped solve it and make it more secure."
"For everyone else out there, from my lesson 2FA security on Twitter (does not matter if it's a security key) is not secure enough at this moment. Once your account is compromised 2FA can be turned off just by knowing your password. Access to your account settings is NOT 2FA secured (I verified this) and in any event if X removes 2FA based on someone sending an ID impersonating you, you're out of luck. Which means keeping password hygiene remains the most effective method of protecting for the time being i.e. keep changing every month or even every week if you're particularly paranoid."
"Having 2FA may give a false sense of security in that you feel you can be more relaxed because of it which is of course not true. 2FA is just another security layer and you cannot become more relaxed in other areas of security because of it (eg. changing passwords less frequently)"
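As an added example (not part of the quoted thread and not X's own tooling), the two signals the thread describes can be expressed as platform-side detection rules: a recovery request from an unregistered address with no notice sent to the owner, and 2FA removal followed within a minute by re-enrollment, a password change and delegation. The event names, fields, accounts and timestamps below are constructed assumptions for a hypothetical audit log.

```python
from datetime import datetime, timedelta

# Constructed audit events for a hypothetical platform; event names and
# fields are assumptions for illustration, not X's real log schema.
REGISTERED_EMAIL = {"@victim": "owner@example.com"}
EVENTS = [
    ("2025-01-01T10:00:00", "@victim", "recovery_request", "other@example.net"),
    ("2025-01-01T18:00:05", "@victim", "2fa_removed", ""),
    ("2025-01-01T18:00:20", "@victim", "2fa_enrolled", ""),
    ("2025-01-01T18:00:41", "@victim", "password_changed", ""),
    ("2025-01-01T18:00:55", "@victim", "delegate_added", "@dummy"),
    ("2025-01-01T09:00:00", "@other", "password_changed", ""),
]
TAKEOVER_STEPS = {"2fa_removed", "2fa_enrolled", "password_changed", "delegate_added"}


def unnotified_recoveries(events, registered):
    """Recovery requests from an unregistered address with no owner notice sent."""
    notified = {acct for _, acct, kind, _ in events if kind == "owner_notified"}
    return [
        (acct, email)
        for _, acct, kind, email in events
        if kind == "recovery_request"
        and email != registered.get(acct)
        and acct not in notified
    ]


def takeover_bursts(events, window=timedelta(minutes=1), min_steps=3):
    """Accounts where a 2FA removal starts a run of at least min_steps distinct
    credential-control changes (the removal included) inside `window`."""
    parsed = sorted((datetime.fromisoformat(ts), acct, kind) for ts, acct, kind, _ in events)
    flagged = []
    for start, acct, kind in parsed:
        if kind != "2fa_removed":
            continue
        seen = {k for t, a, k in parsed
                if a == acct and k in TAKEOVER_STEPS and start <= t <= start + window}
        if len(seen) >= min_steps and acct not in flagged:
            flagged.append(acct)
    return flagged


if __name__ == "__main__":
    print("unnotified recovery:", unnotified_recoveries(EVENTS, REGISTERED_EMAIL))
    print("takeover burst:", takeover_bursts(EVENTS))
```

A hit on the first rule is the point at which a notice to the registered e-mail address and phone number would give the owner a chance to object before 2FA is removed.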
Total Amount Lost
The total amount lost is unknown.
Immediate Reactions
"Unfortunately @ysiu social media account has been compromised. There is no official token or NFT launch from Animoca Brands. The token launch on Solana as claimed in a post was made by the hacker. Please DO NOT engage with the account and stay vigilant. We will provide an update when the account is restored."
Ultimate Outcome
"I want to thank everyone who helped me in this, the great @animocabrands @Moca_Network community, of course the special team at X who helped secure and lock the account (I still don't have access to @ysiu yet) and special shoutout to @9GAG @lucanetz @tylerdurden88 @yusufg amongst many others to help in this in various ways. Web3 is for all of us and we need to work together to make this a safer space for all which is a big part of our vision on making MOCA ID the trust layer of the future internet!"
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- Animoca Brands - "Unfortunately @ysiu social media account has been compromised. There is no official token or NFT launch from Animoca Brands. The token launch on Solana as claimed in a post was made by the hacker. Please DO NOT engage with the ac...itter (Accessed Jan 30, 2025)
- Yat Siu - "It's good to be back thank you everyone for your support! For those who want to know the full story on how to safeguard your account on X better see my thread at" - Twitter (Accessed Jan 30, 2025)
- Yat Siu - "I had my account compromised despite having 2FA security installed what I thought were best practices." - Twitter (Accessed Jan 30, 2025)
- Yat Siu X account breach likely part of a string of recent hacks: ZachXBT (Accessed Jan 30, 2025)
- @Harrisbigboy89 Twitter (Accessed Jan 30, 2025)
- @moonknight1o1 Twitter (Accessed Jan 30, 2025)
- @niutonapple Twitter (Accessed Jan 30, 2025)
- @Jackiesmith9053 Twitter (Accessed Jan 30, 2025)
- @lmaoez11000 Twitter (Accessed Jan 30, 2025)
- @zachxbt Twitter (Accessed Jan 30, 2025)
- @CoinDesk Twitter (Accessed Jan 30, 2025)
- @The_8lyxium Twitter (Accessed Jan 30, 2025)
- Yat Siu - "Yes that was the same or similar scam but he never got access to my 2FA (posting from my alter Account) but instead used an ID to impersonate me and then reset 2FA to their devices. @ysiu is locked now and secured although I do not have...itter (Accessed Jan 30, 2025)
- @Jetlag_747 Twitter (Accessed Jan 30, 2025)
- @Procholin Twitter (Accessed Jan 30, 2025)
- @ArtCatDAO Twitter (Accessed Jan 30, 2025)
- @animocabrands Twitter (Accessed Jan 30, 2025)
- Animoca Brands (Accessed Jan 30, 2025)
- Yat Siu - Wikipedia (Accessed Jan 30, 2025)