Interlay Official Twitter Account Compromised
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Interlay is a protocol which allows bitcoin to be used on the Polkadot network. The bitcoin is stored in vaults and iBTC tokens are issued to users on the Polkadot chain. On July 6th, Alexei Zamyatin reported that his phone number had been sim swapped. It appears that this was used to take over the InterlayHQ account and post malicious phishing links. The account was ultimately recoved, but not until the next day, due to some confusion with the Twitter support team believing the account was already recovered.
About Interlay
"Interlay is a modular, programmable layer between Bitcoin and the multi-chain ecosystem that unlocks novel decentralized use cases for BTC."
"One app, all things Bitcoin DeFi Swap, lend, borrow against your BTC or multiply your exposure." "Put your BTC to work in DeFi - secured by a 100% transparent & decentralized network, fully covered by insurance."
"Earn on your Bitcoin but keep control of your private keys" "Operated by a globaly distributed, permissionless network" "Best in class economic security through collateral insurance" "Interlay is built on cutting-edge, peer-reviewed research"
"Interlay is a modular, programmable layer between Bitcoin and the multi-chain ecosystem that unlocks decentralized (financial) use cases for BTC. Interlay’s vision is to help Bitcoin achieve mass adoption by unlocking decentralized (financial) use cases for BTC and removing the need for centralized services. Interlay’s achieves this by creating the necessary infrastructure and financial tooling for both users and builders:
DeFi for Bitcoin: Interlay’s DeFi hub a one-stop shop for all things decentralized Bitcoin finance featuring BTC swaps, lending, and staking. High throughput, low fees payable in any asset, and native stablecoin integrations aim to provide an experience competing even with centralized providers.
Bitcoin for DeFi: Interlay’s BTC bridge is the secure way to use Bitcoin in the multi-chain ecosystem. iBTC, a 1:1 BTC-backed asset, is secured by a decentralized network of vaults. BTC deposits are insured by a multi-collateral system and secured by cross-chain light clients."
"Decentralization first. The basis for the Interlay and Kintsugi networks is a decentralized Bitcoin bridge - the only of its kind. The desire to build decentralized technology is one of the key values that bind the Interlay and Kintsugi community together."
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
Twitter account of InterlayHQ was hacked.
| Date | Event | Description |
|---|---|---|
| February 8th, 2024 7:27:00 AM MST | Interlay Video Description | A video on Twitter explains the purpose and use case of the interlay network. |
| July 6th, 2024 10:26:00 AM MDT | Sim Swap Announced | Alexei Zamyatin reports that his phone number was sim swapped. He states he reacted within 30 minutes, and has now regained control over the number. He's working to regain control of the InterlayHQ Twitter account. |
| July 6th, 2024 2:45:00 PM MDT | Warning From Discord | A post on Instagram is shared which warns about the hacked Twitter account. |
| July 6th, 2024 3:28:00 PM MDT | Support Apparently Useless | Alexei Zamyatin reposts a post and warns that it's a scam post. He states that the Twitter support team is "being completely useless" after they close his ticket, claiming that he still has access to the account. |
| July 7th, 2024 3:35:00 AM MDT | Tweet Warning Posted | The |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost is unknown.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
"Polkadot issued a warning on Twitter, alerting users that the official Twitter account of Interlay, a cross-chain interoperability project, was compromised and used to post a scam message. Users are advised to be cautious and avoid clicking any links."
Ultimate Outcome
"This is a SCAM post. The account was compromised. Please DO NOT click on any links.
@Support being completely useless (told us „they checked and we still have access to the account so they closed the report“."
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.