Monero scam was at the center of Trump campaign website defacement

It's not clear if the scammers actually hacked anything of value. But skimming cryptocurrency from the public seemed to be the goal.
President Donald Trump
President Trump talks to reporters outside the White House on Oct. 27, 2020. (White House / Flickr)

The brief defacement of President Trump’s campaign website Tuesday night serves as another reminder that when cybercriminals want to cast a wide net for a scam, U.S. politics present plenty of opportunities — especially in the final days of a highly fraught election season.

The front page of the site was replaced with a message claiming that hackers had compromised “multiple devices” and stolen “strictly classified information” — claims that the Trump campaign rejected. There was a call to action, too: Visitors had the choice to “vote” on whether the material should be made public, by sending the cryptocurrency Monero to online wallets marked “yes” or “no.” Any payments to those accounts would be irreversible.

It’s hardly the first time this year that scammers have used Trump’s name to reel people in. Most recently, the Republican president’s COVID-19 diagnosis was a lure; other schemes have involved naming fake ransomware after Trump. Democratic presidential nominee Joe Biden and former President Barack Obama’s accounts also were among dozens leveraged in a bitcoin scam on Twitter.

The message on Trump’s site also called upon another 2020 favorite for fraudsters: the coronavirus pandemic. The Trump administration was accused of being “involved in the origin” of the virus — the kind of comment that pops up in phishing campaigns and faked news articles that are part of scams.


Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, was among the expects who urged users to exercise caution.

The defacement message was signed with a PGP public key that the attackers said would identify them once “the will of the world” had been expressed through Monero contributions. TechCrunch noted that the encryption key corresponded to an email address at a website that doesn’t exist —

Few details about the attackers or the methods of intrusion were immediately available. It’s unclear if hackers broke directly into the website or redirected its traffic to another server.  The Trump campaign said it was working with law enforcement, and that no sensitive data was stored on the campaign site. Official U.S. government work is handled through .gov domains that would not have direct links to any political sites.

It’s safe to say that any Trump-related account is probably under intense pressure from potential intruders of all stripes. Last week a Dutch security researcher claimed that he had figured out the president’s Twitter password.


Monero, meanwhile, enjoys a reputation for being more private or less traceable than bitcoin, but security researchers have said the idea is debatable.

The incident also comes just weeks after the president falsely claimed “nobody gets hacked.”

Latest Podcasts