Cryptocurrency Scammers Defaced Donald Trump’s Campaign Website

Cryptocurrency Scammers Defaced Donald Trump’s Campaign Website

For less than 30 minutes hackers took over and defaced Donald Trump’s campaign website. The incident took place at the backdrop of heightened scrutiny for possible digital interference with the presidential election. The hackers appear to have been cryptocurrency scammers looking to fleece cryptocurrencies from unsuspecting Trump campaign website’s visitors.


LIFARS’ Cyber Threat Hunting is an essential exercise to proactively investigate potential compromises, detect advanced threats, and improve cyber defenses.


The hackers defaced the website with a fake FBI notice that read in part: “This site was seized.” The hackers claimed to have gained access to Trump’s private communications and found evidence of wrongdoing. They provided no evidence to support that claim.

Both users who wished to see the supposed evidence made public and those opposed to that were given two cryptocurrency wallet addresses where they could send payments in Monero, an easy-to-send but hard-to-track digital currency. Visitors would be effectively using the payments to vote on whether the hackers should release the private communications they claimed to have.

Obfuscated JavaScript

A Twitter user by the name Gabriel Lorenzo Greschler seems to have been the first one to learn of the hack which happened a few minutes past 4 MP Pacific time. It would seem that the hackers found a way to access’s web server backend where they inserted obfuscated JavaScript to produce the fake FBI message.

The cybercriminals claimed that the private communications they had obtained explained the origin of the coronavirus. They claimed to be exposing Trump’s lies stating in broken English:

“the world has had enough of the fake-news spreaded daily by president donald j trump. it is time to allow the world to know truth.”

This hack followed a common cybercriminals’ script: getting access to a high visibility platform like a celebrity’s Twitter account and then using the often brief appearance to convince as many people as possible to irreversibly send cryptocurrencies to a hard-to-track digital address.



Screenshots of the defaced Donald Trump’s campaign website