Trump’s campaign website hacked by cryptocurrency scammers

Devin Coldewey
Writer & Photographer, TechCrunch
October 27, 2020
The campaign website belonging to President Trump experienced a brief, partial compromise on Tuesday afternoon when unauthorized individuals gained access and altered portions of the site. These changes replaced existing content with what appeared to be a fraudulent scheme designed to solicit cryptocurrency. Despite assertions made by the attackers, there is currently no evidence to suggest that they achieved “full access to trump and relatives” or successfully obtained “most internal and secret conversations strictly classified information.”

The security incident, initially observed by Gabriel Lorenzo Greschler on Twitter, occurred around 4 PM Pacific time. The perpetrators likely accessed the backend of the donaldjtrump.com web server and injected a substantial amount of obfuscated JavaScript code. This code generated a spoofed version of the FBI’s “this site has been seized” message, which was displayed over the website’s normal content.

The altered site proclaimed, “the world has had enough of the fake-news spreaded daily by president donald j trump,” and continued with, “it is time to allow the world to know truth.”

The hackers claimed to possess confidential information regarding the “origin of the corona virus” and other details intended to discredit President Trump. They then provided two Monero cryptocurrency addresses. Monero is a digital currency known for its ease of transaction and difficulty in tracing, making it a frequent choice for illicit activities like this cyberattack.

One address was designated for individuals wishing to have the “strictly classified information” released publicly, while the other was intended for those who preferred to keep it confidential. The hackers stated that after a specific, undefined deadline, the cryptocurrency totals for each address would be compared, and the higher amount would dictate the fate of the data.

The altered page was digitally signed using a PGP public key linked to an email address associated with a nonexistent domain (planet.gov).

The website was restored to its original state within minutes of the intrusion. There is no indication that any data beyond the single compromised page was accessed, such as information from donors. Tim Murtaugh, the campaign’s communications director, quickly confirmed the incident, stating that no sensitive data was exposed and that they were collaborating with law enforcement officials.

Soliciting irreversible cryptocurrency transfers to an anonymous address is a common online scam, often executed through brief takeovers of prominent platforms, such as celebrity Twitter accounts. This incident follows a similar pattern and was swiftly resolved.

There is no evidence to suggest that this attack was orchestrated by a nation-state actor. While the messaging exhibits a clear political bias, it lacks the sophistication typically associated with a coordinated attack against the Trump campaign platform. Websites related to campaigns and elections are often targeted by hackers due to their association with high-profile figures, yet they generally have less robust security measures than official government sites like whitehouse.gov. Although the language used does not appear to be typical of a native English speaker, there is no other concrete evidence to suggest a foreign origin for the hack.

This is not the first recent instance of a security breach involving President Trump. His Twitter account was briefly compromised when someone correctly guessed his password (“maga2020!”), but fortunately, the individual did not attempt to access direct messages or cause further disruption. Additionally, Trump’s hotels have been subject to hacking attempts in the past.

President Trump recently made a statement, which appears to be inaccurate, asserting that “Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15% of your password.”

Devin Coldewey is a writer and photographer who lives in Seattle. You can find his portfolio and personal website at coldewey.cc.