Aquarius Capital Twitter Account Compromise

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Aquarius Capital is a large decentralized venture capital and liquidity fund which had over $600m under management. On August 23rd, their official Twitter account was taken over by an attacker. The attacker changed the account's username to alab_fund, then switched the username of one of the attacker's own accounts to the original Aquarius_Fund handle. At least one victim had assets taken. Aquarius Capital is currently running its Twitter presence through a new account, AquariusCap_. It is unclear whether any compensation will be provided to victims.[1][2][3][4][5][6][7][8][9][10][11][12]

About Aquarius Capital

"Research-driven venture capital and liquid fund pioneering institutionalized on-chain liquidity optimization and go-to-market strategies since 2018. We empower founders to elevate innovations from 0 to ∞."

"We galvanize top-tier entrepreneurs who share groundbreaking ideas, exceptional vision, elite execution skills, and an unwavering determination to reach their objectives."

"Our interdisciplinary team, consisting of research analysts, hackathon technicians, community operations experts, and founders, collaborates to identify the unique convergence point of technology, products, and operations."

"Leveraging our global network of Key Opinion Leaders (KOLs), we expedite the transformation of outstanding ideas into tangible community influence. This is particularly effective in the APEC and Africa regions, including the Chinese-speaking territories, South Korea, Japan, Turkey, Nigeria, and Kenya."

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

"The official X account of the crypto venture capital firm Aquarius was hacked. The attacker has already changed the username, associated email, and phone number. Additionally, the previous username has been taken over by another spam account controlled by the attacker."

Key Event Timeline - Aquarius Capital Twitter Account Compromise
| Date | Event | Description |
|---|---|---|
| August 23rd, 2024 11:10:05 AM MDT | Blockchain Phishing Transaction | One of the attack transactions on the blockchain, indicating that the Twitter account was already compromised for some time at this point. This particular transaction only nets the attacker $70. |
| August 23rd, 2024 12:21:00 PM MDT | 0xpotatoSam Tweet | Twitter user 0xpotatoSam, who is the research lead at Aquarius, posts to warn about the Twitter account takeover and renaming of the accounts. Readers are advised not to trust anything from the account, which has been renamed to @alab_fund. |
| August 23rd, 2024 8:32:00 PM MDT | Detailed Tweet Report | A detailed tweet is published which showcases the method used by the attacker of renaming the original account and setting up a new account on the original username. |
| August 24th, 2024 12:13:00 AM MDT | Promotional Tweet Post | A promotional tweet is posted on the account, which suggests that it's back in the control of Aquarius Capital. However, the username appears to remain as alab_fund. |
| August 24th, 2024 7:48:00 PM MDT | Phishing Transaction Analysis | A tweet is shared with information about the phishing transaction. The attacker is using some methods to obscure the transaction so it doesn't look suspicious during the attack. |
| August 26th, 2024 12:20:00 AM MDT | New Twitter Account Setup | The Aquarius Capital team posts to announce that they've set up a new handle on Twitter for future updates. Users should now follow @AquariusCap_. |

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

"The official Twitter account of Aquarius has been hacked. Please proceed with caution and do not trust any content posted.

Aquarius’ official Twitter account (formerly known as @Aquarius_Fund, now changed by the hacker to @alab_fund) has been compromised. Please do not trust any posts from this account until Aquarius’ partner @Lin_2mars and Aquarius’ researcher @0xpotatoSam confirm that the account has been recovered (or post any further notices).

We apologize for any inconvenience caused and are currently seeking assistance from Twitter."

Ultimate Outcome

"We are pleased to inform you that our official Twitter handle has been updated from @Aquarius_Fund to @AquariusCap_! This change reflects our ongoing commitment to better align our branding with the evolving vision of Aquarius Fund.

Please note that during this transition, we kindly request that you do not respond to any communications or posts from the @Aquarius_Fund until we regain control from @X. Your security and trust are our top priorities, and we are working diligently to ensure a seamless transition.

For any concerns, inquiries, or verification, please do not hesitate to reach out directly to our team members @Lin_2mars and @0xpotatoSam. They are available to assist you with any questions you may have regarding this update.

We invite you to follow us at our new handle @AquariusCap_ to continue receiving the latest updates, insights, and developments from Aquarius Fund. Your support is invaluable, and we look forward to keeping you informed as we continue to drive innovation and growth in the venture capital space."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. SlowMist Hacked - SlowMist Zone (Accessed Aug 26, 2024)
  2. @evilcos Twitter (Accessed Aug 26, 2024)
  3. @alab_fund Twitter (Accessed Aug 26, 2024)
  4. @0xpotatoSam Twitter (Accessed Aug 26, 2024)
  5. @evilcos Twitter (Accessed Aug 26, 2024)
  6. BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Accessed Aug 26, 2024)
  7. @0xpotatoSam Twitter (Accessed Aug 26, 2024)
  8. @alab_fund Twitter (Accessed Aug 26, 2024)
  9. @0xpotatoSam Twitter (Accessed Aug 26, 2024)
  10. @AquariusCap_ Twitter (Accessed Aug 26, 2024)
  11. Aquarius (Accessed Aug 26, 2024)
  12. Aquarius (Accessed Aug 26, 2024)