Twitter accounts of several prominent verified users were hacked in a widespread Bitcoin scam early Thursday. The official accounts of former US President Barack Obama, rapper Kanye West and his wife Kim Kardashian, Microsoft co-founder Bill Gates, Amazon CEO Jeff Bezos, Tesla CEO Elon Musk, media tycoon Mike Bloomberg, along with major brands such as Apple and Uber, were among many others which fell victim to the hack. These accounts sent out tweets trying to dupe people into donating money in Bitcoin cryptocurrency. Twitter had briefly blocked access to all verified accounts (marked with blue tick) and are presently investigating into the matter.
Twitter hack: What happened
The mysterious tweets were marked by a similar message, asking people to donate Bitcoins, promising double returns. Twitter has removed all such posts since. A post from Bill Gates’ account read, “Everyone is asking me to give back. You send $1,000, I send you back $2,000.” A similar message was posted from several other prominent accounts as well, specifying that the double return offer would last for 30 minutes.
All of the tweets shared one of three Bitcoin addresses that apparently belonged to an organisation called CryptoForHealth. According to a BBC report, the web address where some of the tweets redirected users to was registered by a cyber-attacker with the email address ‘[email protected]’ and the profile name Anthony Elias. The report also suggests that cryptoforhealth is a registered handle on Instagram, who profile description read, “It was us.” The website cannot be reached now.
Twitter’s response and investigation
Twitter said that it was investigating the issue and taking steps to fix it. While Twitter briefly blocked access to almost all verified accounts globally as one of the first steps, it later revealed that most of the accounts have now been restored. However, some of the compromised accounts are still locked by Twitter and access will be restored to the original account owner when things are secure.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
In a thread, Twitter revealed some details from its investigations into the matter. It said that the hack was a result of a “coordinated social engineering attack” that targeted some of its employees who have access to internal system and tools.
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed,” said the social media giant. “Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing.”
Meanwhile, a Vice report suggests that a Twitter insider was responsible for the hack. It quoted a source saying, “We used a rep that literally done all the work for us.” Another source revealed that the insider was paid for the task as well.
The motive behind the attack is believed to make the most money as quickly as possible. While there are conflicting reports of how much money the hack has made, the BBC report also says in order to make the scam seem more legitimate, cyber-criminals usually add their own funds into their Bitcoin wallets.
When the Bitcoin address shared on the hacked tweets was checked on Blockchain.com, it was revealed that the hackers have received 373 transactions till now, collecting 12.86252562 Bitcoins – equivalent to over $118,300 (roughly Rs. 89 lakhs). According to a report by Bloomberg, citing a Bitcoin tracing company, almost half of the spoils have already been transferred to other Bitcoin wallets.
Most of the money has reportedly come from users in the US, a quarter from Europe, and remainder from Asia.
Poco M2 Pro: Did we really need a Redmi Note 9 Pro clone? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.