VERDICT —OUT OF SCOPE
Root cause is private-key / signer compromise — the on-chain contract behaved exactly as written. No pre-deployment source audit or bytecode review reaches the key-custody perimeter; this is operational-security territory (HSM/MPC hygiene, key rotation, hot-wallet isolation). Bytecode would show nothing wrong.
▰ METHOD
PRIVATE KEY
PRIVATE-KEY
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The Twitter account of celebrity investor Kevin O’Leary was hacked on Thursday and used to promote a bitcoin and ethereum giveaway scam, Bitcoin.com reported. The hacker claims that Mr. Wonderful (Kevin O’Leary) is giving away 5,000 BTC and 15,000 ETH, and the tweet also provides a link so anyone can participate. The scam giveaway posts have now been removed by Twitter a few hours after they were posted. Attack method (per SlowMist): Account Compromise. Reported loss: -.
Primary source
https://news.bitcoin.com/kevin-olearys-twitter-account-hacked-to-promote-bitcoin-ethereum-giveaway-scam/ ↗Sourced from
slowmist
Technical record
- chain
- ethereum
- protocol
- Kevin O’Leary
- bug_class
- private-key
- date_occurred
- 2022-12-29
- loss_usd
- —
- source_id
- sm:kevin-o-leary::2022-12-29
Related — same bug class· private-key