In what is being called the biggest social media hack in history, the Twitter accounts of a number of high-profile celebrities, entrepreneurs, politicians and companies, among them Bill Gates, Elon Musk, Barack Obama, Kanye West, Apple and CoinDesk, were briefly hijacked on Wednesday (July 15, 2020) to promote a cryptocurrency giveaway scam that promises to send people back double the amount of Bitcoin they pay in.
There is nothing new about Bitcoin giveaway scams themselves. They use generic "I want to give back" texts and promise to double all payments sent to the wallet address provided. The way this one was delivered, however, is a first.
Legitimate Twitter accounts were used to promote the Bitcoin scam
Scammers promoting cryptocurrency and similar scams often use the names of famous people and companies to trick users into sending money. They create social media profiles resembling the legitimate accounts of famous people and post the scam as replies to celebrities' tweets. It is usually obvious that those accounts are fake, so not many people fall for them.
On Wednesday, however, as-yet-unidentified attackers were able to hijack the genuine accounts by targeting Twitter employees who have access to the company's internal systems and tools. As a result, the legitimate Twitter accounts of Elon Musk, Barack Obama, Bill Gates, Joe Biden, Jeff Bezos, Apple, CoinDesk and others displayed the cryptocurrency scam for a short period of time.
"Everyone is asking me to give back, and now is the time," read the post from Bill Gates's Twitter account. The tweet went on to explain that all payments sent to the BTC address provided would be doubled and sent back. Almost identical messages were posted from the other hijacked accounts.
The tweets were quickly taken down, but not before hundreds of people transferred cryptocurrency, netting the scammers almost $120,000 within a few hours. Many of the transactions to the Bitcoin wallet were as small as $0.50, while some users sent as much as $40,000 in the hope of receiving double the amount back.
Soon after the posts were taken down, Twitter released a statement acknowledging the security incident. The company explained that it had detected what it believes to be a coordinated social engineering attack in which Twitter employees with access to internal systems and tools were targeted. With that access, the attackers were able to take over many high-profile verified accounts and post tweets promoting the Bitcoin giveaway scam. The company later revealed that approximately 130 accounts were targeted, but that only a small number of them (later put at 45) were actually taken over and used to tweet.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” a tweet on Twitter Support account said.
No evidence to suggest passwords were accessed
As soon as Twitter became aware of the incident, it locked down all affected accounts and removed the tweets in question. As a precaution, it also limited functionality for all verified accounts, even those that showed no signs of compromise. While most functionality has been restored, some features remain unavailable while Twitter investigates. For the time being, all Twitter accounts are blocked from tweeting Bitcoin addresses and strings of text that resemble them.
Twitter also said it does not believe resetting passwords is necessary, as there is no evidence to suggest that passwords were accessed by the attackers. It is still investigating whether non-public data from the hijacked accounts was compromised.
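The address-blocking described above is a cheap platform-side control, and it is worth seeing what such a filter has to do: spot strings that look like Bitcoin addresses, confirm they really are addresses by checking their checksum (so ordinary words and near-miss strings are not caught), and combine that with the "send it, get double back" wording the scam used. The following is an added example written for this article, not Twitter's own code or anything the company has published. It assumes the two mainnet address formats (Base58Check for 1.../3... addresses, bech32/bech32m for bc1... addresses) and a hand-picked phrase list; the sample tweets are constructed, and the addresses in them are the well-known genesis-block address and the BIP173 test vector, not the scam's wallet.

```python
"""Filter for Bitcoin-giveaway tweets (added example, not Twitter's code).

Stage 1: find address-shaped strings and verify their checksums.
Stage 2: flag a verified address that appears next to giveaway wording.
Sample tweets below are constructed for this example.
"""
import hashlib
import re
from typing import List

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

# Candidates only; each one is validated by checksum before it counts.
BASE58_CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
BECH32_CANDIDATE = re.compile(r"\b[bB][cC]1[0-9A-Za-z]{6,87}\b")

# Wording shared by this family of giveaway scams (assumed list).
GIVEAWAY_PHRASES = ("give back", "giving back", "double", "doubled", "send back")


def is_base58check_address(s: str) -> bool:
    """Legacy P2PKH/P2SH: s must decode to 25 bytes whose last 4 bytes equal
    the first 4 bytes of SHA256(SHA256(version || hash160))."""
    n = 0
    for ch in s:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    leading_zero_bytes = len(s) - len(s.lstrip("1"))  # each leading '1' is 0x00
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\x00" * leading_zero_bytes + body
    if len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def _bech32_polymod(values: List[int]) -> int:
    """BCH checksum polynomial from BIP173."""
    generator = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= generator[i]
    return chk


def is_bech32_address(s: str) -> bool:
    """Mainnet bc1... address: BIP173 (bech32, constant 1) or
    BIP350 (bech32m, constant 0x2bc830a3) checksum must verify."""
    if s != s.lower() and s != s.upper():  # mixed case is invalid by spec
        return False
    s = s.lower()
    sep = s.rfind("1")
    if sep < 1 or sep + 7 > len(s) or len(s) > 90:
        return False
    hrp, data_part = s[:sep], s[sep + 1:]
    if hrp != "bc" or any(c not in BECH32_CHARSET for c in data_part):
        return False
    hrp_expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    data = [BECH32_CHARSET.find(c) for c in data_part]
    return _bech32_polymod(hrp_expanded + data) in (1, 0x2BC830A3)


def find_addresses(text: str) -> List[str]:
    """Checksum-valid Bitcoin addresses in text (legacy first, then bech32)."""
    found = [m.group(0) for m in BASE58_CANDIDATE.finditer(text)
             if is_base58check_address(m.group(0))]
    found += [m.group(0) for m in BECH32_CANDIDATE.finditer(text)
              if is_bech32_address(m.group(0))]
    return found


def classify(text: str) -> str:
    """'giveaway-scam': valid address plus giveaway wording;
    'contains-address': valid address alone; otherwise 'clean'."""
    if not find_addresses(text):
        return "clean"
    lowered = text.lower()
    if any(p in lowered for p in GIVEAWAY_PHRASES):
        return "giveaway-scam"
    return "contains-address"


SAMPLE_TWEETS = [  # constructed for this example
    # Imitation of the hijacked-account message; genesis-block address.
    "Everyone is asking me to give back, and now is the time. Send BTC to "
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa and I will double it!",
    # Same pitch with a bech32 address (BIP173 test vector).
    "Giving back to the community! All payments to "
    "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4 are doubled and sent back.",
    # Scam wording, but the address-shaped string fails its checksum.
    "Send it to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb and I'll double it.",
    # Valid address, no giveaway pitch.
    "Genesis block coinbase: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa. Fun fact.",
    "Excited about the launch next week, stay tuned.",
]

if __name__ == "__main__":
    for tweet in SAMPLE_TWEETS:
        print(f"{classify(tweet):17s} {tweet[:60]}")
```

Checksum validation is what keeps the false-positive rate tolerable: a 34-character run of Base58 characters turns up in ordinary text more often than one would expect, but only about one in four billion of them passes the double-SHA256 check. Twitter's actual block was broader than this, since it also stopped strings that merely resemble addresses; that is the trade-off between the `find_addresses` and candidate-regex stages above.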
The ultimate end goal of the attack is not clear
Collecting easy money may look like the goal of the whole incident, but there are fears that the Bitcoin giveaway tweets were a facade. It is suspicious that the attackers would orchestrate an attack of this extent only to tweet a scam, considering they had access to the accounts of highly influential people and companies. The payout for an attack of this size also seems insignificant, especially since Bitcoin transactions are recorded on a public ledger: every address the money was sent to will be closely monitored by law enforcement and blockchain analysts in order to trace the attackers when they try to cash out.
It is speculated that the attackers could have acquired all kinds of information from the hijacked accounts, including private messages. Given who the accounts belong to, leaking private data could have serious consequences, especially in a US presidential election year.
All things considered, it could have been worse. The hijacked accounts have millions of followers and belong to some of the most famous people and companies in the world. Tweeting controversial messages from those accounts could have caused havoc. Had the attackers managed to hijack US president Donald Trump's account, they could have tweeted a declaration of war, for example. While most people would not take a tweet as an official statement, such a declaration would still cause panic. Trump's account, though, is believed to be protected by additional security measures, added after a rogue Twitter employee deactivated it on his last day at the company.
Whatever the end goal of this attack was, it is a stark reminder that essentially any online platform can be infiltrated, and that a platform's internal administrative tools, and the staff who can operate them, are part of its attack surface.