Both the British Army’s YouTube and Twitter accounts were hacked and used to promote cryptocurrency scams, the UK Ministry of Defence confirmed on Sunday. It’s unclear when exactly hackers took over the two accounts, but they both appear to be back to normal now.
“We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway,” the Ministry of Defence Press Office said on Twitter. “The Army takes information security extremely seriously and is resolving the issue.”
Hackers hijacked the British Army’s Twitter page, swapping out the organization’s profile picture, bio, and cover photo to make it seem like it was associated with The Possessed NFT collection. The account sent out various retweets for NFT giveaways, and its pinned tweet linked users to a fake NFT minting website.
Bad actors also stripped the British Army’s YouTube channel, deleting all its videos, as well as changing its name and profile picture to resemble the legit investment firm Ark Invest. Hackers replaced the British Army’s videos with a series of old livestreams featuring former Twitter CEO Jack Dorsey and Tesla CEO Elon Musk. These livestreams were previously aired as part of The B Word conference held by Ark Invest last June, but hackers added an overlay that encouraged users to participate in a crypto scam. The channel aired four livestreams at once, with some of them racking up thousands of viewers.
As Web3 Is Going Just Great blogger Molly White points out, the scammers who took over the British Army’s accounts carried out their scheme with some of the same tactics used in the recent past. In March, hackers took over the Twitter account belonging to MKLeo, one of the world’s top Super Smash Bros. Ultimate players, and used it to peddle phony NFTs made to look like they were associated with The Possessed. Just two months after that incident, scammers managed to steal $1.3 million using the same Ark Invest livestreams that were repurposed for this hack.
“We take account security very seriously — if a user believes their account has been compromised, they can notify our team to secure the account and regain control,” YouTube spokesperson Ciaran Ward said in a statement to The Verge. “In this instance, we worked with the channel owner to do exactly that.”
Twitter spokesperson Rocio Vives told The Verge that the British Army’s account Twitter “has since been locked and secured,” and that “account holders have now regained access and the account is back up and running.”
Correction July 4th, 10:12PM ET: A previous version of the article mistakenly stated the British Army’s Facebook account was hacked when it was actually its YouTube account that was hacked. We regret the error.
Update July 6th, 8:04AM ET: Added a statement from a YouTube spokesperson.