Cyber Incident Victim: Mann Deshi Bank

Date: Jan 2022

Location: India

Summary

The official Twitter account of Mann Deshi Bank was compromised alongside the accounts of two other prominent Indian organizations in a coordinated crypto scam attack. Hackers posted fraudulent cryptocurrency giveaway tweets impersonating Elon Musk, directing victims to a Telegram link that instructed them to send Bitcoin to a specified address under false promises of high returns. As a result, 31 victims collectively lost approximately 5.75 Bitcoin ($273,848). The bank’s account, like the others, exhibited weak access controls with multiple individuals sharing credentials, though the exact compromise method remained unconfirmed.


Description

On January 3, 2022, the official Twitter account of Mann Deshi Bank (@MannDeshiOrg) was compromised alongside the accounts of the Indian Medical Association (@IMAIndiaOrg) and the Indian Council of World Affairs (@ICWA_NewDelhi) in a coordinated cryptocurrency scam campaign. The attackers gained unauthorized access to these accounts, which belonged to prominent national institutions; Mann Deshi Bank is a cooperative bank focused on empowering rural women. From approximately 0155 hours Indian Standard Time onward, the compromised accounts posted fraudulent cryptocurrency giveaway announcements impersonating Tesla CEO Elon Musk. These tweets falsely promised an "airdrop" of 5,000 Bitcoin to users who clicked embedded Telegram links, which led to a scam portal requiring upfront Bitcoin transfers ranging from 0.02 to 10 BTC ($945 to $472,967 at the time) with promises of 10x returns. Blockchain analytics confirmed 31 victims transferred 5.75 BTC ($273,848) to the attacker’s wallet. The fraudulent tweets included misspelled names, lacked Twitter’s official verification badges, and were accompanied by artificially generated engagement through rapid-fire replies to simulate legitimacy.

Twitter automatically locked the Indian Medical Association’s account after detecting suspicious activity, but Mann Deshi Bank’s account remained compromised with scam content visible at the time of reporting. The bank had not publicly disclosed recovery efforts or regained control, unlike the Indian Council of World Affairs, which successfully deleted the fraudulent tweets. Forensic analysis suggested shared attacker infrastructure across all three breaches, though the exact compromise vector for Mann Deshi Bank remained unconfirmed—potential methods included password reuse among multiple account managers or brute-force attacks. The incident mirrored prior high-profile Twitter compromises in India, including Prime Minister Narendra Modi’s account in December 2021. Financial losses were quantifiable via blockchain records, but reputational damage to the bank and risks to its rural customer base—a demographic potentially vulnerable to social engineering—were not explicitly measured. No breach notification or customer advisories from Mann Deshi Bank were reported in the immediate aftermath.
