Article Details

Bloomberg Crypto X account hijacked in Discord phishing attack. Image: Bloomberg Crypto The official Twitter account for Bloomberg Crypto was compromised earlier today, ultimately redirecting users to a deceptive website used to steal Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the hijacked profile contained a link to a fake Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members. This Telegram channel was created on November 2, 2023, with the following messages redirecting visitors to the fake Discord server being added one day later. "If you are interested, please head over to, our official and only discord server for more information on how to start an application: https://discord[.]gg/bloomberg," a message on the Telegram channel reads. "Join the Bloomberg Crypto Discord Server! Check out the Bloomberg Crypto community on Discord - hang out with 33975 other members and enjoy free voice and text chat." Upon entering the Discord server, a bot prompts visitors to use AltDentifier, an authentic Discord Verification Bot. Rather than linking to the legitimate https://altdentifier.com/ address, it presents a link to a deceptive page using an altered domain (altdentifiers[.]com) with an extra 's' at the end of the original domain name. The "Bloomberg Crypto staff team" gives visitors 30 minutes to go to this site and complete the verification process. After clicking the link to 'verify' their account, the potential victims are prompted by the AltDentifiers phishing website to verify with Discord, aiming to steal their Discord login credentials. "The server administrators have implemented additional security measures on this server, which include the requirement for all accounts to verify their Discord account," the phishing site says. "Once your account is successfully verified, you will be able to freely participate in the server. Please note that administrators have the authority to override the system if necessary." The malicious link was removed from the Bloomberg Crypto X/Twitter account 30 minutes after ZachXBT's initial tweet. As many crypto communities reside on Discord, threat actors commonly attempt to steal credentials for accounts that frequent such servers. These hijacked accounts can then be used to promote cryptocurrency scams designed to steal users' cryptocurrency assets while appearing to be from a legitimate source. A Bloomberg spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.