Article Details

Bloomberg Crypto X account snafu leads to Discord phishing attack. Image: Bloomberg Crypto The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members. According to ZachXBT, Bloomberg previously maintained an older Telegram channel under the username @BloombergNewsCrypto, a detail shared on X/Twitter in August 2023. In October 2023, they updated the Telegram username to @BloombergCrypto. However, a scammer seized the old Telegram username during this transition. Exploiting the fact that Bloomberg's previous Telegram link remained active, the scammer used it today as part of a phishing scheme. "If you are interested, please head over to, our official and only discord server for more information on how to start an application: https://discord[.]gg/bloomberg," a message on the Telegram channel now reads. "Join the Bloomberg Crypto Discord Server! Check out the Bloomberg Crypto community on Discord - hang out with 33975 other members and enjoy free voice and text chat." Upon entering the Discord server, a bot prompts visitors to use AltDentifier, an authentic Discord Verification Bot. Rather than linking to the legitimate https://altdentifier.com/ address, it presents a link to a deceptive page using an altered domain (altdentifiers[.]com) with an extra 's' at the end of the original domain name. The "Bloomberg Crypto staff team" gives visitors 30 minutes to go to this site and complete the verification process. After clicking the link to 'verify' their account, the potential victims are prompted by the AltDentifiers phishing website to verify with Discord, aiming to steal their Discord login credentials. "The server administrators have implemented additional security measures on this server, which include the requirement for all accounts to verify their Discord account," the phishing site says. "Once your account is successfully verified, you will be able to freely participate in the server. Please note that administrators have the authority to override the system if necessary." The malicious link was removed from the Bloomberg Crypto X/Twitter account 30 minutes after ZachXBT's initial tweet. As many crypto communities reside on Discord, threat actors commonly attempt to steal credentials for accounts that frequent such servers. These hijacked accounts can then be used to promote cryptocurrency scams designed to steal users' cryptocurrency assets while appearing to be from a legitimate source. A Bloomberg spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today. Update: Revised the article to reflect that Bloomberg's Crypto account led to an old abandoned Telegram channel, hijacked as part of a phishing scheme.