Cyber Incident Victim: Banco Unión
Date:
Feb 2025
Location:
Bolivia
Summary
A financial institution experienced a cyberattack where its verified social media account was compromised, with attackers impersonating the country's president to promote a fraudulent cryptocurrency named "$Bolivia" as a purported national digital asset. The incident caused significant user concern due to the account's official status and the organization's prominence within the national banking system, though no official statements had been issued at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 1, 2025, Banco Unión, a significant financial institution within Bolivia’s banking system, experienced a cyberattack targeting its verified official account on the social media platform X. Attackers compromised the account’s security, altering its display name to that of Bolivia’s President Luis Arce and replacing the profile imagery with his photograph to impersonate a credible authority. The attackers then published promotional content announcing the launch of a purported national digital asset named “$Bolivia,” falsely presenting it as a new state-backed cryptocurrency initiative. This fraudulent activity exploited the bank’s institutional reputation and the account’s verification status to lend legitimacy to the scam. The compromised posts specifically marketed the fake cryptocurrency to the bank’s followers, leveraging the platform’s reach to amplify the deceptive campaign. No technical details regarding the intrusion method—such as phishing, credential theft, or platform vulnerabilities—were disclosed in available reports. The incident represented a direct compromise of the bank’s external communications channel but did not indicate any breach of internal financial systems or customer data.
The impersonation scheme generated immediate concern among Banco Unión’s client base and the broader public due to the bank’s systemic importance in Bolivia’s financial sector and the official verification status of the hijacked account. The attackers’ strategic use of presidential branding heightened the perceived authenticity of the fraudulent cryptocurrency promotion, increasing the risk of financial harm to individuals potentially misled by the claims. As of the reporting date, neither Banco Unión’s management nor relevant Bolivian government authorities had issued public statements acknowledging the incident, detailing mitigation steps, or clarifying the fraudulent nature of the “$Bolivia” asset. The absence of official communications left unresolved questions about the attack’s duration, the bank’s incident response actions, and any coordination with law enforcement or social media platforms to restore account security. The compromise underscored operational vulnerabilities in the bank’s social media management practices while highlighting the persistent threat of reputation-based attacks targeting trusted financial entities.