A Twitter account related to Prime Minister Narendra Modi’s personal website was hacked in the early hours of Thursday. The account (@narendramodi_in), with over 2.5 million followers, taken over by the hackers to post a series of tweets urging followers to donate Bitcoin and Ether to the PM National Relief Fund. The account is different from Modi’s personal account (@narendramodi) which has over 61 million followers.

The hackers proclaimed to be from a group John Wick, ANI reported. Twitter confirmed the hack to the agency and said that it was taking steps to secure the compromised account. The tweets have since been deleted from the account. Screenshots of the tweets are in wide circulation on the internet. The Bitcoin and Ethereum addresses mentioned in the two tweets did not seem to receive or send much money: the Bitcoin address received less than ₹60, while the Ethereum address received around ₹2. Although the timestamp suggests that transfers were made to the addresses after the hack, we cannot assume causality here.

The hackers also claimed they were not the “John Wick” that had reportedly hacked Paytm Mall earlier this week. Cyble, an Atlanta-based cybersecurity firm, had alleged that cybercrime group “John Wick” had gained unrestricted access to Paytm Mall’s databases. The hackers reportedly asked for a ransom in ether, a cryptocurrency. However, Paytm Mall denied that its databases had been breached.

Similar MO to attacks on famous Twitter accounts in July

Earlier this July, multiple high-profile Twitter accounts, including those of Apple, Bill Gates, Elon Must, Joe Biden, Kim Kardashian West and Barack Obama, were hacked. After taking control of the accounts, the attackers had posted tweets with Bitcoin wallet payment addresses. The attackers did not claim credit for the massive hack, in which at over 100 accounts were compromised. Twitter later said attackers had gained access to an internal tool at Twitter that let them take control of high-profile handles.

Later that month, the US department of justice charged three individuals for masterminding the operation, including a 17-year-old who had convinced a Twitter employee he was working in the company’s IT department and tricked that employee into giving him credentials to the internal tool.