Dcentralab Diligence Analysis: Robinhood Hack & $RBH Rugpull

Dcentralab Diligence Analysis: Robinhood Hack & $RBH Rugpull

Yesterday, on January 25th, 2022, the popular trading app Robinhood made a strange announcement on Twitter and other social media channels. In the announcement, the account seemingly reminded users regarding a so-called “official” Robinhood token, $RBH, listing on Pancakeswap.

The hacker likely gained access to Robinhood’s official social media accounts via phishing.

The announcement published by the hacker on Twitter

Perceptive users quickly labeled the token $RBH as a scam and deduced that Robinhood’s Twitter account was hacked. The post was removed in less than an hour, but some users bought the fraudulent $RBH token within that time.

The RBH token listing was a classic “rug-pull” type of scam, and within a short time, the issuer removed all liquidity from Pancakeswap. By removing liquidity, buyers were stuck with a useless coin that could not be traded or exchanged.

According to BSCscan, the $RBH issuer managed to steal 26 BNB, valued at roughly $8000 USD. Furthermore, the issuer deployed the token and funded the scam via a Binance account, meaning that the issuer likely went through a KYC process. As such, the issuer will probably be caught and handed to the authorities shortly.

While not very common, this incident was not the first time a prominent Twitter account was hacked to spread a scam.

The 2020 Big Social Media Hack

On July 15th, 2020, one of the most significant hacking incidents occurred when the official Twitter accounts of some of the world’s most influential people and companies were hacked. Among them were the Twitter accounts of former U.S. President Barack Obama, Microsoft co-founder Bill Gates, Amazon CEO Jeff Bezos, Apple, Uber, and even the official Twitter account of the cryptocurrency exchange platform, Coinbase. The hackers posted a message that promised to double any Bitcoin payment sent to their provided address.

Hackers exploiting Obama’s Twitter to promote a Bitcoin scam

This incident has raised some serious security concerns, as the accounts hacked were verified and belonged to some of the world’s most influential people and companies. The hackers could gain access to these accounts by exploiting a vulnerability in Twitter’s internal systems. The breach allowed them to post on the accounts and send private messages to the account holders.

The attackers also used the accounts to spread a Bitcoin scam, asking people to send money to a specific Bitcoin address with the promise of having it doubled. The attackers then moved the funds to other accounts, likely in an attempt to launder the money.

In response to the incident, Twitter immediately secured the accounts and prevented further damage. They implemented additional security measures for all verified accounts and disabled the ability to reset passwords for a few hours.

The authorities later apprehended the group of hackers involved.

How to Avoid Social Media Crypto Scams

Social media crypto scams are a growing problem, as they allow scammers to easily reach large numbers of people with the intent of defrauding them. To protect yourself from falling victim to these scams, it is crucial to recognize the warning signs and take the necessary steps to avoid them.

The first step to avoiding social media crypto scams is to be aware of the common tactics employed by scammers. These tactics include creating fake accounts that mimic those of legitimate crypto companies, offering “too good to be true” investment opportunities, and making false claims about their products or services. Be vigilant and critically evaluate any information on social media, especially cryptocurrency-related information.

Be vigilant regarding offers regarding cryptocurrency, even from trusted social media accounts. Make sure to research before investing in any cryptocurrency, and only use reputable exchanges and wallets. Additionally, be wary of any offers that seem too good to be true, as this is often a red flag of a scam.

About Dcentralab Diligence

Dcentralab Diligence is a blockchain-based security firm based in Belgrade and Tel Aviv. We provide comprehensive smart contract audits and security consultations for the web3 industry. The team behind Dcentralab Diligence has years of experience in blockchain development and cyber security.

Follow us:

Twitter | Website | LinkedIn