San Francisco, July 16: In Twitter's biggest security breaches in its history, several prominent high profiles with verified Twitter accounts of the politicians, Hollywood celebrities, musicians, tech billionaires were hijacked by purported Bitcoin scammers to launch a bitcoin scam. The prominent personalities include Barack Obama, Joe Biden, Jeff Bezos, Waren Buffet, Bill Gates, Mike Bloomberg, Elon Musk, Kanye West, and others.
The scam was traced when fake tweets went viral, offering $2,000 for every $1,000 sent to a Bitcoin address through these high-profile accounts. The attackers posted tweets that appeared to promote a cryptocurrency scam. The hacker posted a message in which he urged millions of followers to send money to a specific bitcoin wallet address in return for larger payback.
This hacking starts from Elon Musk when Musk’s account issued a mysterious tweet reading, “I‘m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” The tweet also contained a bitcoin address, presumably one associated with the hacker’s crypto wallet. After that similar message seemed on Gates's account.
Twitter accounts of Apple, Uber, Square’s CashApp, and Coinbase were also hacked with the intent to post similar messages which contained a bitcoin wallet address that directed to the hackers. Twitter acknowledged the situation after more than an hour of silence, Twitter Support announced, "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly."
After that, the fake tweets were all quickly pull down by Twitter. It said it believes the incident was a "coordinated social engineering attack" that targeted some of its employees with access to internal systems and tools. They were then used to take control of many high-profile and verified accounts and tweet from them.
"We know they used this access to take control of many highly-visible (including verified) accounts and Tweets on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it," Twitter said.
Twitter has taken the unprecedented step to stop these verified accounts from publishing any tweet. The company had restored most accounts by Wednesday evening, but warned that it “may take further actions”.The company said that it had also locked the compromised accounts and “taken steps to limit access to internal systems and tools” while it continues its investigation
Twitter said it is “looking into what other malicious activity they may have conducted or information they may have accessed” in addition to using the compromised accounts to send tweets. It also added that internally, they have taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
Late in the evening, Twitter CEO Jack Dorsey wrote, “Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”
Meanwhile, some people fell for the scam and sent money to the associated BTC address, as records of the transactions are public due to the nature of the blockchain-based cryptocurrency. The hacker has scammed about $110,000 in bitcoins from about 300 people. At some point during the day, roughly half that sum in bitcoin was withdrawn from the account. On the other hand, Twitter's shares fell 3% in extended trading after news of the hack broke.