A hacker took over trading app Robinhood's Twitter, Instagram, and Facebook accounts for a scam that netted less than $8,000.
Hackers took control of Robinhood's social media accounts on Monday, trying to get customers to buy a fake cryptocurrency token called $RBH.
They mostly failed however, with less than $8,000 collected from about 25 would-be buyers. Only $1,000 had been collected by the time the post was removed a few minutes later.
On Twitter, the 11:57 a.m. post offered a "reminder" of the new token launch three minutes later on decentralized exchange (DEX) PancakeSwap, telling Robinhood customers "you can be among the first to buy at a starting price of $0.0005."
In a statement, the crypto and stock trading app said:
"We're aware of the unauthorized posts from Robinhood Twitter, Instagram, and Facebook profiles, which were all removed within minutes. At this time, based on our ongoing investigation, we believe the source of the incident was via a third party vendor."
Coinbase director Conor Grogan said on Twitter that the token was "a 'honeypot' and will not allow users to sell or transfer after they purchase it."
The low return from hacking a major site like Robinhood garnered some scorn on Twitter, with one reply to Grogan's post saying:
"Imagine hacking Robinhood's Twitter account and only making $1,000 off it."
But for the complexity of a honeypot token, there were some amateur mistakes. Notably, the tweet said that $RBH was launched on the Binance Smart Chain — which was renamed BNB Chain last February. Something you'd expect a site like Robinhood to know. But not a new or casual crypto buyer.
On-chain scam investigator ZachXBT tweeted that the scam sent funds through Binance hot wallets, leading CEO Changpeng "CZ" Zhao to reply that the exchange's "security team also noticed that and have locked the account pending further investigations."
He later added:
"Always have critical thinking even if the account looks or is real."