2020 Twitter bitcoin scam

Jump to search
2020 Twitter bitcoin scam
A tweet from Apple, which reads "We are giving back to our community. We support Bitcoin and believe you should too! All Bitcoin sent to our addresses will be sent back to you, doubled!" The address is then censored, and below reads "Only going on for the next 20 minutes."
A representative scam tweet, from Apple's account. The Bitcoin (BTC) address has been obscured from the original posting
DateJuly 15, 2020
SuspectsOGUsers

The 2020 Twitter bitcoin scam was a large-scale hacking of Twitter accounts that started on July 15, 2020 at around 20:00 UTC.[1] A number of Twitter accounts, each with millions of followers, were apparently compromised to promote a bitcoin scam.[2] The scam asked individuals to send bitcoin currency to a specific cryptocurrency wallet, with the promise that money sent would be doubled.[3] Based on sources speaking to Vice and TechCrunch, the perpetrators had gained access to Twitter's administrative tools so that they could alter the accounts themselves and post the tweets directly, with the access gained either possibly through paying off Twitter employees to use the tool, or from a compromised employee's account to access the tool directly.[4][5]

As of July 15, 2020, more than BTC 12 had been sent to one of the addresses involved, the equivalent of more than US$110,000.[6] Minutes after the tweets were posted, more than 320 transactions had already taken place on one of the wallet addresses.[1]

Context

The first known scam tweet was sent from Elon Musk's Twitter account at 20:17 UTC on July 15, 2020.[7] Other apparently compromised accounts included those of individuals such as Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, MrBeast, Michael Bloomberg,[6] Warren Buffett,[8] Floyd Mayweather,[9] Kim Kardashian, and Kanye West,[10][2] as well as companies like Apple, Uber, and Cash App.[11] A number of cryptocurrency Twitter accounts were also targeted, including the accounts of Coinbase, CoinDesk and Binance.[12] Most of the accounts that were accessed in the scam had at least a million followers.[2]

The tweets involved in the scam hack claimed that the sender, in charity, would repay any user double the value of any bitcoin they sent to given wallets, often as part of a COVID-19 relief effort. The tweets followed the sharing of malicious links by a number of cryptocurrency companies; the website hosting the links was taken down shortly after the tweets were posted.[13] While such "double your bitcoin" scams have been common on Twitter before, this is the first major instance of them being used with high profile accounts.[2] Security experts believe that the perpetrators ran the scam as a "smash and grab" operation: knowing that the intrusion into the accounts would be closed quickly, the perpetrators likely planned that only a small fraction of the millions that follow these accounts needed to fall for the scam in that short time to make quick money from it.[2] Multiple bitcoin wallets had been listed at these websites; the first one observed had received more than US$118,000 in bitcoin and had about US$61,000 removed from it, while a second had amounts in only the thousands of dollars as Twitter took steps to halt the postings. It is unclear if these had been funds added by those led on by the scam,[14] as bitcoin scammers are known to add funds to wallets prior to starting schemes to make the scam seem legitimate.[2]

Some of the compromised accounts posted scam messages repeatedly, even after having some of the messages deleted.[15] The tweets were labelled as having been sent using the Twitter web app.[16] One of the phrases involved in the scam was tweeted more than 3,000 times in the space of four hours, with tweets being sent from IP addresses linked to many different countries.[17]

By 21:45 UTC, Twitter released a statement saying they were "aware of a security incident impacting accounts on Twitter", and that they were "taking steps to fix it".[18] Shortly afterwards, it disabled the ability for some accounts to tweet, or to reset their password;[19] Twitter has not confirmed which accounts were restricted, but many users with accounts Twitter had marked as "verified" confirmed that they were unable to tweet.[20][21][22]

Redacted screenshot of the Twitter administrative panel used to conduct the scam.

Afterwards, Vice was contacted by at least four individuals claimed to be part of the scam and presented the website with screenshots showing that they had been able to gain access to a Twitter administrative tool that allowed them to change various account-level settings of some of the compromised accounts, including confirmation emails for the account, which allowed them or others involved to thus gain control of the account through password resets and post the tweets. These hackers told Vice that they had paid insiders at Twitter to get access to the administrative tool to be able to pull this off.[4] TechCrunch reported similarly, in which a person under the handle "Kirk" organized the scam, and had been able to make over US$100,000 from it.[5] "Kirk" was a member of a hacking forum called "OGUsers" ("OG" standing for "Original") used to trade compromised social media accounts. Earlier on July 15, "Kirk" started offering to gain any requested Twitter handles in exchange for Bitcoin, using his means of access to the Twitter administrative tool to take the requested account over. However, "Kirk"'s strategy changed later in the day to using the tool directly to send out the scam messages from the most popular accounts, starting with Binance. TechCrunch's contact was unsure if "Kirk" had direct access to this tool via a compromised Twitter employee account, but did not believe "Kirk" had help from an employee.[5]

Vice's and TechCrunch's sources were corroborated from other security researchers who had been given similar screens, and tweets of these screens had been made, but Twitter removed these since they revealed personal details of the compromised accounts. Twitter subsequently confirmed that "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."[4][23] In addition to taking further steps to lock down the verified accounts affected, Twitter said they have also begun an internal investigation and have limited employee access to their system administrative tools as they evaluate the situation.[24]

Reaction

Affected users retained the ability to retweet content, leading NBC News to set up a temporary non-verified account so that they could continue to tweet, retweeting "significant updates" on their main account.[25] Joe Biden's campaign stated to CNN that they were "in touch with Twitter on the matter", and that his account had been "locked down".[1]

During the incident, Twitter, Inc.'s stock price fell by 4% after the markets closed.[26] Later that night, Twitter CEO Jack Dorsey posted, saying it was a "tough day for us at Twitter. We all feel terrible this happened. We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened".[9]

References

  1. ^ a b c Iyengar, Rishi (July 15, 2020). "Twitter accounts of Joe Biden, Barack Obama, Elon Musk, Bill Gates, and others apparently hacked". CNN Business. Retrieved July 15, 2020.
  2. ^ a b c d e f "Musk and Gates 'hacked' in apparent Bitcoin scam". BBC News. July 15, 2020. Retrieved July 15, 2020.
  3. ^ Sheth, Sonam (July 15, 2020). "Former President Barack Obama's Twitter account appears to have been hacked as part of a cryptocurrency scam". Business Insider. Retrieved July 15, 2020.
  4. ^ a b c Cox, Joseph (July 15, 2020). "Hackers Convinced Twitter Employee to Help Them Hijack Accounts". Vice. Retrieved July 15, 2020.
  5. ^ a b c Whittaker, Zack (July 15, 2020). "A hacker used Twitter's own 'admin' tool to spread cryptocurrency scam". TechCrunch. Retrieved July 15, 2020.
  6. ^ a b Leswing, Kif (July 15, 2020). "Hackers appear to target Twitter accounts of Elon Musk, Bill Gates, others in digital currency scam". CNBC. Retrieved July 15, 2020.
  7. ^ Statt, Nick (July 15, 2020). "Barack Obama, Joe Biden, Elon Musk, Apple, and others hacked in unprecedented Twitter attack". The Verge. Retrieved July 15, 2020.
  8. ^ Holmes, Aaron; Leskin, Paige (July 15, 2020). "Hackers took over dozens of high-profile Twitter accounts including those of Barack Obama, Joe Biden, Elon Musk, Kim Kardashian, and Apple and used them to post bitcoin scam links". Business Insider. Retrieved July 15, 2020.
  9. ^ a b Frenkel, Sheera; Popper, Nathaniel; Conger, Kate; Sanger, David E. (July 15, 2020). "A Brazen Online Attack Targets V.I.P. Twitter Users in a Bitcoin Scam". The New York Times. Retrieved July 16, 2020.
  10. ^ Woodward, Alex (July 15, 2020). "Elon Musk, Apple, Bill Gates, Kanye West and more hacked by cryptocurrency scam". The Independent. Retrieved July 15, 2020.
  11. ^ Ingram, David; Collier, Kevin. "Biden, Gates, Musk: Bitcoin scam breaches some of world's most prominent Twitter accounts". NBC News. Retrieved July 15, 2020.
  12. ^ Whittaker, Zack. "High-profile Twitter accounts simultaneously hacked to spread crypto scam". TechCrunch. Retrieved July 15, 2020.
  13. ^ Sheth, Sonam (July 15, 2020). "Former President Barack Obama's Twitter account appears to have been hacked as part of a cryptocurrency scam". Business Insider. Retrieved July 15, 2020.
  14. ^ Mac, Ryan; Lytvynenko, Jane (July 15, 2020). "Joe Biden, Elon Musk, And Barack Obama's Twitter Accounts Were Hacked In A Bitcoin Scam". Buzzfeed News. Retrieved July 15, 2020.
  15. ^ Price, Rob (July 15, 2020). "Some of the world's biggest Twitter accounts are hacked. Here's what we do and don't know about what's going on right now". Business Insider. Retrieved July 15, 2020.
  16. ^ Frier, Sarah; Tong, Sebastian (July 15, 2020). "Twitter Hack Snags Obama, Biden, Gates Accounts in Bitcoin Scam". Bloomberg. Retrieved July 15, 2020.
  17. ^ "Twitter accounts of Biden, Obama and other prominent figures hacked". The Irish Times. July 15, 2020. Retrieved July 15, 2020.
  18. ^ Twitter Support [@TwitterSupport] (July 15, 2020). "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly" (Tweet) – via Twitter.
  19. ^ Gartenberg, Chaim (July 15, 2020). "Twitter has shut off the ability for some people to tweet after massive hack". The Verge. Retrieved July 15, 2020.
  20. ^ Couts, Andrew (July 15, 2020). "Twitter Finally Blocks the Worst of Us from Tweeting". Gizmodo. Retrieved July 15, 2020.
  21. ^ Sanders, Chris; Driver, Anna (July 15, 2020). "Twitter silences some verified accounts after wave of hacks". Yahoo News. Reuters. Retrieved July 15, 2020.
  22. ^ Gartenberg, Chaim (July 15, 2020). "Twitter has shut off the ability for some people to tweet after massive hack". The Verge. Retrieved July 15, 2020.
  23. ^ @TwitterSupport (July 15, 2020). "Coordinated Social Engineering Attack" (Tweet). Retrieved July 15, 2020 – via Twitter.
  24. ^ @TwitterSupport (July 15, 2020). "Internal Tool Lockdown" (Tweet). Retrieved July 15, 2020 – via Twitter.
  25. ^ Lee, Nicole (July 15, 2020). "Twitter has apparently disabled tweets from verified accounts". Engadget. Retrieved July 15, 2020.
  26. ^ Matney, Lucas (July 15, 2020). "Twitter stock slides after-hours amid scramble to contain high-profile account hacks". TechCrunch. Retrieved July 15, 2020.

This page was last updated at 2021-05-06 09:09 UTC. Update now. View original page.

All our content comes from Wikipedia and under the Creative Commons Attribution-ShareAlike License.


Top

If mathematical, chemical, physical and other formulas are not displayed correctly on this page, please useFirefox or Safari