Lights

Comments

Primož Roglič’s Twitter hack reveals the worst of the internet

We follow rabbit hole after rabbit hole, all the way to the bottom of the flaming dumpster.

Composite image: Cor Vos / Milady

Iain Treloar
by Iain Treloar 28.04.2023 Photography by
Cor Vos
More from Iain +

Primož Roglič is not a man prone to flights of fancy. Over his cycling career, he’s won a lot of races, lost some in heartbreaking fashion, and built a stoic, enigmatic public persona. So when his 130,000-odd Twitter followers were bombarded with a flurry of bizarre retweets and unsettling promotional content, it was pretty clear something was up. 

Primož Roglič, the owner of the Twitter handle @rogla, had been quite spectacularly hacked.  

Now, shady shit happens on the internet every day of the week. But the nature of Twitter Roglič’s sudden transition from cycling icon to scam artist is instructive, because the more I’ve looked into the story over the past few days, the more I’m convinced it’s a microcosmic example of all the worst things about online culture. But with a happy ending, of sorts.

Let me explain. 

Part 1: The hack

The first sign something was wrong came on Saturday, when Roglič’s largely dormant Twitter account sprang into action, with a new username. He was no longer Primož Roglič – he was ‘Milady Maker!! ? ? ? ? @ REMCON TOKYO ?’.

This new persona had a lot on its mind. As 129,000 cycling fans were about to learn, Milady was – and I quote – “Maker so crazy ♡ Remilia made me ♡ ILY Milady ♡ we love you Milady ♡ let’s go crazy Milady”. 

With regret, I can report that Milady is “a collection of 10,000 generative pfpNFT’s in a neochibi aesthetic inspired by street style tribes,” which, paraphrased, is a series of digital anime trading cards, bought and sold on the internet. NFTs – non fungible tokens – are digital artworks with a ‘proof of stake’ as a certificate of ownership, although the image itself can be viewed and saved by anyone with the inclination and ability to right-click. The category boomed in 2021, but a series of high-profile collapses in the cryptocurrency sector which underpins the digital art marketplace saw trading volumes drop by 97% by the end of last year. 

As a cherry on top of that shit sandwich, NFTs are really bad for the environment, with a single transaction adding an estimated 48 kg of CO2 to the atmosphere.

Nonetheless, there are still people flogging the NFT horse, and Primož Roglič was, unwittingly, about to become one of them. 

A scroll back through the account revealed some very Roglič retweets – now under another username.

The Milady project – a creation of Remilia, a collective of “Avant Net Art Extremists” – was having A Big Moment over the weekend. In Tokyo, there was a multi-day Milady fan convention complete with a rave and the unveiling of a new NFT project called ‘Bonklers‘.

Another major talking point was a “decentralised McDonald’s meetup”. With the timing of the hack, that meant Primož Roglič’s account was mostly used to retweet a bunch of pictures of NFT enthusiasts taking printouts of their little digital trading cards on dates to eat McDouble burgers:

https://twitter.com/angelcore_apple/status/1647461453136560129

Also, there was merch, in the form of Remilia-branded cigarette packs:

If that’s not enough to make your brain turn to paté, try this on for size.

According to Milady’s retweets, it appears to be an NFT favoured by “ex-incels”, with a sideline in COVID conspiracy theories. Completing this horror-show is the fact that the price of Miladys plummeted last year after one of its founders was linked to Nazi ideology; some of the NFTs in the collection include references to Holocaust camps. Meanwhile, founders at Remilia – Milady’s parent entity – have been linked to a broad spectrum of truly horrific things ranging from encouragement of anorexia and suicide, to overt racism and antisemitic views.

Things were rapidly going downhill for Primož Roglič’s Twitter account, and his followers – who were now Milady’s followers – had noticed. But while there was a flurry of reports to Twitter, it was about to be too late …

Part 2: The switch

… because the @rogla handle was abruptly changed to ‘@MeesbitsNFTs’, another NFT project entirely. The cartoon Miladies were suddenly passé, because the Twitter scammer(s) had a larger target – pretending to be Meebits (note the slightly different spelling in the handle), an NFT project under the umbrella of Yuga Labs, creators of the Bored Ape Yacht Club.

Screenshot: Bored Ape Yacht Club

In a space marked by scams, Yuga Labs and Bored Ape have a veneer of respectability – celebrities like Justin Bieber and Gwyneth ‘Goop’ Paltrow are on board, with NFT owners gaining access to a virtual ‘Yacht Club’ with a virtual ‘Bathroom Wall’ where users virtually graffiti virtual penises

Yes, the virtual dick wall people are some of the most credible actors in the space.

Although the @rogla Twitter username had been changed, its followers remained – which meant that 129,000 Roglič enthusiasts were still getting updates from what had once been his account, but was now clearly in someone else’s hands.

Note the follower count, the similar users, etc.

The goal of the account owner was, and remains, a bit unclear to me. Roglič’s blue checkmark and healthy audience had been retained through the switch, so with a near-indistinguishable username from the actual MeebitsNFT profile, perhaps the desired outcome was to just pretend to be a major player in the digital art space.

There’s precedent – Yuga Labs projects have been targeted in this way before. The Twitter account of the All India Trinamool Congress, an influential Bengalese breakaway political faction, was hacked in February, with its username switched to ‘Yuga Labs’. That wasn’t the first such example, and it wasn’t even the first such example in the Indian political sphere – the Chief Minister of Uttar Pradesh was, in February 2022, briefly a Bored Ape hammering four million followers with spam.

In a politically volatile environment, it’s hard not to worry about the possible implications of more malevolent Twitter hacks.

Screenshot: IndiaToday

Did Yuga Labs itself have anything to do with any of it, from Roglič to the Indian politicians? That seems unlikely – although a request for comment and clarification from the company went unanswered. More plausible is the likelihood that in those tweets and retweets are phishing links, designed to trick users into opening their (virtual) wallets.

Journalist Jacob Stern, writing for The Atlantic, was locked out of his Twitter account like Roglič had been, and found himself wondering what the hacker’s game was. The scam methodology, he wrote, was twofold:

“In the first, the link takes potential buyers to a site that prompts them to transfer a sum of cryptocurrency in exchange for an NFT, then gives them either a fake NFT or nothing at all. The second is even more destructive: In this version, the site asks buyers for their personal key, which the scammers can use to steal the entire contents of their crypto wallet.”

The hackers moved quickly, though – and in Roglič’s case, the account had changed from @rogla to @MeesbitsNFTs to something called @chatniozk in a matter of days. And it was about to change again. 

The next iteration.

On Monday, the account had switched to @SeiNeitwork – again, a slightly misspelled variant of an existing Twitter handle, @SeiNetwork. Sei is a cryptocurrency “community” that is “the fastest layer 1 blockchain, designed to scale with the industry”. Also, it has a little boat in its username. And, since the start of this week, that’s where Primož Roglič’s followers have ended up. 

Roglič strikes me as a man more interested in clicking buttons on his Garmin than on NFT auctions. (Image: Cor Vos)

Part 3: A billionaire’s folly

So how did we – how did Roglič – end up here? That answer takes us back further than last weekend. According to an enterprising Twitter user who contacted Roglič’s wife Lora Klinc to notify her about the hack, Roglič first lost access to his account in February. That followed a vast data breach at Twitter that saw partial details of 200 million users traded on the dark web – a majority of the ~353 million active Twitter users. That breach was largely overlooked, however, due to the cavalcade of other controversies and own-goals afflicting Twitter since Elon Musk’s takeover of the platform in October 2022. 

Musk’s disordered leadership has come under renewed scrutiny lately, thanks to the fatally flawed implementation of the platform’s verification system – a subscription service flipflopping between providing a useful service for Twitter users and giving fake legitimacy to grifters and charlatans with $8 in their pocket. The current state of play is Musk giving blue ticks away to celebrities even when they explicitly say they don’t want them; for reasons unknown, he also gave one to Saudi journalist Jamal Khashoggi who was brutally executed in 2018.

A request for comment from Twitter literally received a poo emoji in response, which probably tells you all you need to know about the state of the company in the Elon Musk era:

Thanks Elon!

In the case of the Primož Roglič scam, that blue checkmark helped the (fake) Milady and Meebits accounts appear more like they were the real deal, amplifying their message and passing them off as exactly the kind of NFT projects that ‘ex-incels‘ and Bored Ape enthusiasts can’t get enough of. 

But in the case of the most recent iteration of Roglič’s stolen account, the blue checkmark also provides a clue. 

Next to the Sei username, instead of the usual disclaimer (that they subscribed to Twitter Blue and verified their phone number) …

Screenshot: Twitter account of SeiNetwork (the real one)

… we have something different: 

Screenshot: Twitter account of SeiNeitwork (the fake one, complete with pictures of Roglič still in the media folder on right of frame).

Which sure looks to me like Primož Roglič’s Twitter account was stolen by, or traded into the hands of, zkSync – a big, apparently reputable blockchain company that claims via its fancy website to be working to “increase [crypto currency] Ethereum’s throughput” while also “fully preserv[ing] its foundational values – freedom, self-sovereignty, decentralization.”

Which I guess underscores my earlier point about the shonkiness of the entire space, and the fact that it’s inhabited by grifters and charlatans. Hooray! (zkSync did not respond to a request for comment – not even with a poo emoji).

Part 4: A pleasant postscript

If you’re at all like me, this entire story has been pretty dystopian. A beloved Slovenian cyclist’s identity online was stolen, passed around a bunch of planet-destroying NFT projects, and is now pushing blockchain technology – all while its owner has been locked out, several iterations ago. Add in a badly behaved billionaire, the dumpster fire of social media, incels, Nazis, and the blurring of what is real and what is not.

It’s like a bingo card filled with the most awful stuff about online culture, painting a near-unrelentingly bleak picture of where the internet and humanity is heading.

But there is light. 

“Come on, give this story a happy ending!” (Photo: Cor Vos)

Soon after the @rogla Twitter handle was switched out for one of the shitty NFT projects, it was snapped up again. The new bio read, simply, ‘just trying to get a hacked Twitter handle back into the hands of a cyclist’.

Speaking to me over Twitter DMs, the owner told me they were “just a random cycling fan from the US … when I saw that Roglič’s account had been hacked and that they had changed his handle, I knew there was a big risk that someone else would try to snap it up and profit off how many tweets it’s mentioned in.” 

This Good Samaritan explained that they “didn’t want it to fall into the wrong hands” (again, I guess) and parked on the Twitter account in the hopes that Roglič would reclaim it. (Roglič and his management team did not respond to a request for comment for this story). 

A couple of days later, a wrong was righted. “Some of his people got in touch and helped to get everything sorted out,” the @rogla rescuer told me.

Are they at least going to get hooked up with a signed jersey or something, I wondered?

“hope maybe haha 🙂 i don’t really mind either way. i just wanted to help,” came the reply.

Which brings us to April 26, when a Tweet floated off into the ether:

Primož Roglič doesn’t have 129,000 followers anymore, although @SeiNeitwork still does. At the time of writing he’s creeping up through the 4,000s. He follows just two accounts: his wife, and his Jumbo-Visma team. There is not a single NFT to be seen.

But for the first time in a week, it is him. And after the places his Twitter account has been recently, that’s about as good a result as we can hope for.

Did we do a good job with this story?