High-profile U.S. Twitter accounts hacked in massive Bitcoin scam

Hackers appeared to have breached some of the most prominent accounts on Twitter, including Who’s Who of Americans in politics, tech, and entertainment.

On Wednesday, around four o’clock in the afternoon on the East Coast, chaos struck online. Many high-profile Twitter accounts such as those of Joe Biden, Barack Obama, Jeff Bezos, Apple, Uber, Bill Gates, Elon Musk, and many other tech companies were compromised. The hacked accounts all included a similar message “Send Bitcoin and the famous people would send back double your money.”

According to various reports, the hack began when fake tweets offering to send $2,000 for every $1,000 sent to a Bitcoin address were made through these accounts. Additionally, the hack appeared to have occurred in two separate rounds after the same Bitcoin-scamming tweets were made twice from the official Twitter accounts of Bill Gates and Elon Musk after their first tweets were deleted. Twitter Support claimed on Wednesday evening that their team was intensively investigating this scam, “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”

Screenshot via Twitter 1

While the hack circumstances are not still 100% clear, according to various reports, hackers behind the scam involved leveraging an internal Twitter admin tool to gain access to the verified accounts. This report was later confirmed by the official Twitter’s own account. On the same day that the attack took place, Twitter wrote that “a coordinated social engineering attack” on employees gave a hacker “access to internal systems and tools.”

Screenshot via Twitter 2

After the initial scam, it appeared that some of the hacked Twitter accounts were back at their owners’ control after the first tweet scams were deleted; however, accounts of Bill Gates and Elon Musk then tweeted “hi” after their initial tweet, confirming the second attack. The second tweet “hi” was shortly deleted as well.

As the scam proceeded, many other verified Twitter users reported being unable to tweet in their official accounts. Twitter Support later confirmed with a tweet that “You may be unable to Tweet or reset your password while we review and address this incident.” Later that evening, Twitter claimed that tweeting of most accounts would be back to normal soon, but the ‘functionality’ “may come and go,” as they continue to work on a permanent fix.

Unusual social network hack — Common scam

While the scope of this attack was unprecedented on the social network, these types of scams and social engineering attacks are quite common. In most cases, hackers target high-profile accounts using breached and leaked passwords and post different messages which lure users to post their cryptocurrency funds to a specific address using the ‘double investment’ trick. These types of scams may seem simple, but there are numerous cases in which they do work successfully.

In this particular case, the main address used on the scam site has already collected more than 12,5 bitcoin which translated in U.S. dollars is approximately 116,000 (and it is constantly going up). 

For these types of scams, Bitcoin is one of the most popular tools because once the victim of the scam sends the money to that address, it is almost impossible to recover the stolen funds.

A spokesperson of one of the largest cryptocurrency companies, Binance, stated that “The security team is actively investigating the situation of this coordinated attack on the crypto industry.” 

As it is still unclear how the hackers took over the accounts, security experts are claiming that when the hackers gained access to the victim accounts, they changed the email address that was associated with the account to make it almost ‘impossible’ for the real account owners to regain access. 

The number of verified accounts impacted by the attack makes this arguably the biggest security breach in Twitter’s history.

This story is developing. Stay tuned for more updates.