UK minister’s account hacked to promote ‘House of Commons’ crypto scam

United Kingdom Minister Lucy Maria Powell’s X (formerly Twitter) account has been hacked to promote the ‘House of Commons’ cryptocurrency scam. In a now-deleted post, the British politician’s account described the “$HCC” coin as “a community-driven digital currency bringing people’s power to the blockchain”.

Confirming the hack, the Member of Parliament’s (MP) office confirmed Powell’s account was hacked on Tuesday morning, and steps were taken quickly to secure the account and remove misleading posts. Some of the posts on her verified account showed mentions of Powell’s position in the bio, including an image of the House of Commons logo.

Lucy Powell has nearly 70,000 followers on X. She currently serves as MP for Manchester Central and has been a leader of the House of Commons since Labour won power last year. Her role involves planning and supervising the government’s legislative programme while also upholding the rights of backbench MPS.

In his own description of the hack, Luke Nolan, a senior research associate at CoinShares, an asset management company specialising in digital assets, said the hack of Powell’s account was an example of “pump and dump”. 

He explained that this occurs when individuals who created the crypto coin inflate its value, get others to invest, and then sell their majority share to get profit, but leave the coin worthless. Nolan added that there had only been 34 transactions on the coin, which would have led to a profit of about £225.

Also Read: Elon Musk blames Ukraine as X suffers major hack affecting users across 3 continents.

Over time, a common method used by cyber criminals revolves around taking over X accounts to advertise scam crypto coins. Cybercrime actors often take over accounts using malicious emails – scam emails containing links to websites that either access systems or trick users into sharing their passwords. Passwords can also be obtained using leaked information from data breaches. At this point, cybercriminals take over the account and plan their posts to hastily raise crypto coins that can only take a couple of hours to create and launch.

By performing this fraudulent action, they hope that high-profile and trusted accounts might encourage people to buy some of the suspicious coins and make some money before it all gets blocked and stopped.

Crypto scam promotion: others like Powell

Amid the Lucy Powell hacked account for crypto scam advert, other prominent figures have experienced such in the past.

In a viral apparent Bitcoin scam in July 2020, Billionaires Elon Musk, Jeff Bezos and Bill Gates, former American presidents Joe Biden and Barack Obama, and Kanye West were among many prominent US figures targeted by hackers on Twitter (now X). The targeted accounts requested donations in cryptocurrency.

“Everyone is asking me to give back. You send $1,000, I send you back $2,000,” a tweet from Mr Gates’ account said. Twitter said then that it was a “coordinated” attack targeting its employees with access to internal systems and tools. “We know they [the hackers] used this access to take control of many highly visible (including verified) accounts and Tweet on their behalf,” Twitter added.

A report by Action Fraud explained that there was a rise in social and email accounts being hacked in 2024, with 35,343 reports. It advised setting up 2-step verification for accounts and using a strong, unique password of three random words.

On efforts made by the House to arrest the rampant incidents, a House of Commons spokesman said: “UK Parliament takes cyber security extremely seriously. We provide advice to users – including Members – to make them aware of the risks and how to manage their digital safety; however, we do not comment on specific details of our cyber security policies.”

Earlier this year, Robinson, a reputable UK Journalist, said his X account was hacked after he clicked on an email he wrongly believed was sent to him by the social media platform.

While the social media hack incident is now a recurring story, it further raises concerns about account security and how effectively social media platforms are at addressing the issue.

The Premium Times official X account hack brings a more familiar case. Recall that on February 19, 2024, the prominent Nigerian online newspaper notified the public that its official X account (@premiumtimesng) was breached, where the attacker posted misleading crypto-related adverts. 

While the account was regained following weeks of back-and-forth, it was perplexing that the hack succeeded despite two-factor authentication (2FA) deployed in social media accounts as an additional security tool that serves as a shield against attacks.