Some of the largest verified Twitter profiles in the world have been hacked, including accounts of multinational corporations, celebrities, and politicians. The hacked accounts were directed to share Bitcoin scams which were intended to siphon money from unsuspecting followers. Similar scams have been seen from fake accounts in the past, but this is the first time such large accounts have been taken over simultaneously.
Some of the accounts affected so far are Elon Musk, Joe Biden, Jeff Bezos, Apple's official account, Bill Gates, Warren Buffett, Kanye West, Kim Kardashian, Uber, Wiz Khalifa, Floyd Mayweather, Cash App, MrBeast, XXXTentacion, and many others. Many cryptocurrency exchanges and companies were also targetted in the attack, including Binance and Kucoin.
It is not clear how the accounts were hacked, but security experts suspect that it could have been a hack on a third party social management app, instead of Twitter itself, but considering the scale of the hack some believe that Twitter's infrastructure could have been compromised. In the past, third-party apps have been compromised, which allowed hackers to gain access to accounts, but it has not been to this scale. This could potentially be the largest hack in Twitter's history.
A bunch of high profile cryptocurrency Twitter accounts have been hijacked to tweet bitcoin scams. Likely a 3rd party App compromise rather that Twitter itself. Wallet has received ~$6000. pic.twitter.com/D8MiXrz9ml
— MalwareTech (@MalwareTechBlog) July 15, 2020
Another strange thing about this incident compared to similar situations in the past is that the hackers had access to the site for a very long time. Some accounts were compromised for over an hour, even while Twitter was deleting the scam posts that were being made from the accounts.
So far, Twitter has not given much of an explanation as to what has been taking place behind the scenes, aside from a Tweet recognizing the potential breach.
"We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly," a statement from Twitter's technical team read.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
According to some reports, the company has taken the drastic measure of blocking all verified accounts from tweeting as they continue to work on figuring out what the problem is. Currently, some verified users are able to tweet again, but others are not.
This is BuzzFeed News reporter @Walldo on my old alt account. It appears that no blue checkmarks are able to tweet right now as Twitter chaos continues.
— Brandon Wall (@brandontwall) July 15, 2020
Blue checks trying to communicate through retweets pic.twitter.com/FIbBmWH4j8
— Andrew Roth (@RothTheReporter) July 15, 2020
A campaign aide for Biden said that the candidate’s account was “locked down” immediately. “We remain in touch with Twitter on the matter,” the aide told CNN.
A spokesperson for Bill Gates also described the incident as “part of a larger issue that Twitter is facing.”
In each of the tweets, the compromised accounts posted messages requesting that followers send $1,000 in Bitcoin to a specific wallet address and they would get double that amount in return. The messages said that they were feeling generous and wanted to share their wealth, but if this was the case, then why would they require an initial deposit, why not just send the money out to people who need it?
A telltale sign of a scam is someone promising a huge return on an investment, especially when someone claiming to be rich is asking for your donation or upfront deposit.
Twitter CEO Jack Dorsey has been a huge supporter of Bitcoin and cryptocurrency. His company Square allows the purchasing of Bitcoin through Square's banking app, the Cash App.