We are experiencing a steep rise in cybercrime and fake news, with the SEC’s X account being compromised to release fake Bitcoin news, and now San Francisco-based publishing platform Substack facing a crypto-related hack through a Metamask email.
The hack affected subscribers of the business-focused newsletter – Petition. The Petition team confirmed the hack on Thursday, January 11th, assuring their subscribers that no accounts had been compromised.
Substack enables writers to send online newsletters directly to their readers, which allowed the phishing email to reach subscribers of the Petition newsletter.
Petition newsletter subscribers were the targets of the phishing email aimed at MetaMask users. While the specific nature of the hack is still unconfirmed, It appears that the hack took place via the Substack platform end rather than through any of the user logins.
The Petition team promptly sent out an email to their subscribers alerting them to the hack but there has not yet been any official statement from Substack. In the follow-up email Petition apologised for the hack and informed their subscribers that they had identified and “digitally assassinated” the perpetrator.
A Consensys representative told CCN “Phishing attacks tied to stolen or hacked mailing lists are a common problem and one of the reasons MetaMask has implemented security measures like tracking malicious websites, security screening with Blockaid and empowering the development of other security tools via our Snaps platform”. Their website also has a specific section on privacy and security , informing users that MetaMask will never send unsolicited emails as well as information on how to spot scam emails.
The crypto focus of the phishing email is a reminder that cryptocurrency users are often key targets for hackers and alerts us to the rise in crypto-related cybercrime.
The terms of service on Petition’s Substack page states the legal stance of Petition LLC, highlighting the platform’s policy on liability in the event of a hack:
“Under no circumstances will Petition LLC be responsible for any damage, loss, or injury resulting from hacking, tampering, or other unauthorized access or use of the services or your account or the information contained therein.”
For now, it appears the hack was limited to Petition’s Substack which was promptly resolved. Confirmation of support by the substack team was also highlighted in the Petition team’s communications to their subscribers.
CCN reached out to Petition, and Substack for commentary but did not receive a reply at the time of publishing.
This news comes at a bad time for Substack after the company’s stance on content moderation came under fire. A statement that it would not demonetize or remove openly Nazi accounts led to outrage and even a petition by Substack publishers prompting a follow-up from the co-founder Hamish McKenzie who responded in a blog post stating:
“We believe that supporting individual rights and civil liberties while subjecting ideas to open discourse is the best way to strip bad ideas of their power. We are committed to upholding and protecting freedom of expression, even when it hurts”.
With trust in traditional media falling, non-traditional media platforms and publishing platforms are increasingly being used as a source of news. This is demonstrated by a YouGov survey of over 93,000 online news consumers which showcases the decline in consumption, as well as trust, in traditional media, such as TV and print.
A changing media landscape is in progress, demonstrated by shifting consumer habits, which in turn will place increasing responsibility on alternative news and entertainment platforms to provide the transparency and security measures that are expected of mainstream media. Greater pressure is now placed on platforms such as Substack to provide this as well.
While cybersecurity awareness is rising, so too is the sophistication of cybercriminals. The result of this is a digital ecosystem that is increasingly more vulnerable and organizations that may find themselves unable to keep up with proactive cybersecurity measures and the evolving security landscape.
Recent data suggests that global cybercrime will skyrocket over the next five years.
While crime prevention has traditionally been in the purview of public authorities – the evolution of technology and an evermore interconnected world means it is now both public and private responsibility.
The recent SEC Twitter hack demonstrates the pervasive nature of cybercrime, which affected the regulatory body as it was revealed it had not enabled two-factor authentication on its account.
The Substack incident not only reminds us of the fragility of online platforms but highlights the growing reliance on alternative media sources. Crypto users may be the most vulnerable to hackers, but it is the growing sophistication of these technologies that places users at risk.
Organizations and individuals face ever-increasing security risks and will need to employ advanced preventative measures to avoid being the next victim of a breach.