A security incident on Twitter duped businesses and people into sending at least $120,000 worth of Bitcoin to an anonymous online wallet, half of which has already been spirited to other accounts.
Given that some of the Twitter accounts targeted were using two-factor authentication (2FA) and strong passwords, the hack may be internal to Twitter.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter Support said today.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
The investigation is currently ongoing, and Twitter has for now limited the functionality for all verified accounts.
“Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers,” it said.
According to Motherboard, the accounts were taken over using an internal tool at Twitter. Twitter has deleted screenshots of the tool and suspended users who tweeted them, claiming those tweets violate its rules.
Other tech companies like Facebook, Snapchat, and MySpace have also faced the issue of malicious insiders.
However, it’s not the first time something like this has happened with Twitter. Prominent recent attacks include a dozen Twitter accounts of NFL teams hacked in January 2020 and, last year, the account of Twitter CEO Jack Dorsey firing off a slew of racist and vulgar tweets; in 2018, Twitter support forms were exploited.
Back in 2016, Dorsey was hacked by OurMine, and a month before that, malware was used to collect more than 32 million Twitter passwords, which were then put up for sale on the dark web. In January 2015, the US military account tweeted out threatening messages and changed its header message to include “I love you isis.”
Give some to get some
It all started yesterday with people from the cryptocurrency space and then exchanges. Binance, Coinbase, Gemini, KuCoin, and Ripple, along with Binance CEO Changpeng Zhao, Tron founder Justin Sun, Litecoin creator Charlie Lee, CryptoCobain, AngeloBTC, and others, were targeted.
The tweets from the hacked accounts pushed a Bitcoin giveaway scam that asked people to send their BTC to an address to get it doubled.
Bitcoin did not fix this. pic.twitter.com/PEhiIEZoZZ
— Ledger Status (@ledgerstatus) July 15, 2020
From here, it just exploded when the person or people behind the scam gained access to the Twitter accounts of Tesla CEO Elon Musk (not the first time he has been used in a scam), Amazon CEO Jeff Bezos, Warren Buffett, Joe Biden, Barack Obama, Benjamin Netanyahu, Kanye West, Kim Kardashian, Michael Bloomberg, Apple, Wendy’s, Uber, and many more.
Interestingly, despite it being such a coordinated and sophisticated attack, the hackers were able to scam just 12.8 BTC out of people, worth $120,000.
“We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $120,000 in bitcoins from about 300 people,” said Alperovitch, who now chairs the Silverado Policy Accelerator.
Some even argued the hacker could have done a much better job.
whoever is behind this is prob not native to crypto based on how inefficiently they've decided to go about it
orders of magnitude more damage could've been done https://t.co/JWWEMj1adn
— CryptoGainz (@CryptoGainz1) July 15, 2020
According to Tom Robinson, co-founder of Elliptic, which has helped law-enforcement agencies track BTC-related crimes, half of the $120,000 funds were acquired from users in the US, a quarter from Europe, and the remainder from Asia.
“They are obviously sophisticated in that they didn’t send these funds directly to an exchange to cash out,” Robinson said. Finding them depends on how they try to cash out.
Coinbase has already begun blocking its users’ payments sent to the hacker accounts. “We are essentially blacklisting addresses as we see them posted in the scam tweets,” said Elliott Suthers, a spokesman for Coinbase. Gemini has also blocked the attackers' accounts.
Huobi has blacklisted the address associated with the #twitterhack We will pay close attention to these assets and its transactions.
As always we stand united and will do our part to keep the crypto community safe. #Twitterhacked
— Huobi (@HuobiGlobal) July 16, 2020
Twitter stock fell more than 3% in after-hours trading Wednesday, while Bitcoin dropped nearly 2% from $9,200 to $9,026 and is now back above $9,100.