You probably wouldn’t expect a message from “Signal support” warning you about a security issue. That’s usually a red flag on its own. That exact trick has apparently been working on a lot of people, and now there’s a 10 million dollar hacker bounty out because of it.
The US State Department announced the reward this week through its Rewards for Justice program. It’s looking for information on two groups tracked as UNC5792 and UNC4221. The FBI links both groups to Russian intelligence and military services.
They’ve been posing as Signal and WhatsApp support accounts, sending messages that claim your account needs a two-factor check. Hand over your backup recovery key, and they can pull your old messages straight out of the account. The 10 million hacker bounty covers information on names, locations, and financial ties for people involved in either group.
Targets reportedly include US government officials, military leaders, journalists covering Russia and Ukraine, and NGOs helping Ukraine. The announcement says the campaign has compromised thousands of accounts this way.
Why the attackers didn’t need to break any encryption
This doesn’t touch Signal or WhatsApp’s encryption at all. Social engineering did all the work here. All it took was someone willing to hand over a backup key. Signal’s real support team communicates through official email.
Some of the tactics went even further. In certain cases, attackers modified Signal’s group invite links, so clicking one connected their own device to a victim’s account instead. The FBI and CISA flagged this update to their guidance just last week, and it’s a good reminder to double check security settings on any account tied to sensitive conversations.
Whether this $10 million hacker bounty actually leads anywhere is a different question entirely.

