It started around 9PM on Wednesday night. I was in the office sitting at my desk when I received a Twitter message from a friend, we’ll call him Robert. On that night, Robert and I had a series of conversations where an urgent matter had compelled him to request that I send him Bitcoin. The screenshots in this post depict a conversation I had with the hacker that gained access to Robert’s Twitter account by means of a phone porting attack in conjunction with a phishing attack.

It began as a casual conversation. Robert had asked me for a huge favor. Prior to him indicating what the favor was, I offered to send a large amount of Bitcoin. Cryptocurrency savvy hackers will request payments in Bitcoin, although traceable and public, Bitcoin payments are instant and non-reversible making it a convenient choice.

The hacker joked, requesting a smaller amount of Bitcoin. At this point it was not clear whether Robert had been compromised as it appeared as a sarcastic response just as much as it appeared a legitimate request. Regardless, I agreed.

In order to continue the conversation, the hacker was provided with the impression that the funds had been sent to a pre-determined address. The hacker insisted on receiving a payment at an alternate Bitcoin address.

The hacker was provided with the impression that we were participating in an exclusive ICO presale. This was done in order to retrieve the hacker’s Ethereum address for a reason to be discussed later.