At least a dozen Twitter accounts belonging to the world’s most wealthy and influential people were taken over Wednesday in an unprecedented attack on the platform designed to promote a suspected cryptocurrency scam. The culprits, as yet, are unknown.
Joe Biden, Bill Gates, Barack Obama, Apple, Uber, Kanye West, Elon Musk, Jeff Bezos, Wiz Khalifa, and even Kim Kardashian West saw their accounts tell hundreds of millions of followers to send Bitcoin to a certain wallet address if they wanted to see their money doubled in a giveaway of up to $10 million.
“I am giving back to my fans. All Bitcoin sent to my address below will be sent back doubled. I am only doing a maximum of $10,000,000. bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh. Only going on for 30 minutes!” the tweets read. Musk’s account, which has been the victim of imitators hawking Bitcoin wallets before, sent three tweets promoting this one and replied once to Bill Gates.
People sent almost $110,000 to the account listed within a couple of hours of the fraudulent tweets going up, according to The Verge.
According to Twitter, the hackers used employees’ corporate accounts to gain access to internal tools with vast capabilities. The hijackers used “social engineering,” where malicious actors trick account owners into divulging sensitive information like login credentials, to wrest control from the employees themselves.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools...” the social media giant said. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
CEO Jack Dorsey acknowledged that it had been a “tough day” for Twitter late Tuesday. “We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened,” he tweeted.
A Biden campaign official told The Daily Beast, “Twitter locked down the account immediately following the breach and removed the related tweet. We remain in touch with Twitter on the matter.”
A representative for Gates said in a statement to Recode, “We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account.”
The hack also affected Dorsey’s other company, Square, when its popular CashApp Twitter account pushed the Bitcoin scam.
Twitter temporarily locked down an unspecified number of verified accounts in response to the incident, potentially leaving health organizations and emergency management agencies unable to put out statements on the platform amid the ongoing coronavirus pandemic. The National Weather Service in Lincoln, Illinois, was hit by the lockdown in the middle of a tornado warning.
“We’re in the middle of it right now—middle of the storm, middle of this situation on Twitter,” Chris Miller of the Central Illinois National Weather Service told The Daily Beast.
“If anybody has a feed through Twitter, they’re not getting information,” he said. “We’ve had so many warnings this evening I can’t even count—flash floods, severe thunderstorm warnings, high winds, tornado, all kinds of severe warnings this afternoon.”
When asked about the widespread blocking, a Twitter spokesperson sent a tweet from the company’s security account: “You may be unable to Tweet or reset your password while we review and address this incident.” Some verified Twitter accounts were apparently back up and running a couple of hours after the lockdown.
Sources cited by Motherboard said the social media giant was also deleting screenshots of an internal administration tool being circulated among hackers. One source said the tool had apparently played a role in the account takeovers.
The FBI’s San Francisco Bureau said it was “aware of today’s security incident” and advised the public not to send money to the Bitcoin wallet in the tweets.
The hijackers also took over prominent accounts in the cryptocurrency industry, including Coinbase, the largest trading platform for Bitcoin and other digital currencies.
Most quickly deleted the tweets. The domain registrar used by the scammers told TechCrunch the company removed the URL after it was reported Wednesday.
Experts say it’s not at all surprising that a slew of influential figures were the ones targeted in the attack.
“Crypto-scams are nothing new and have been around essentially since the technology was created. Scammers commonly rely upon impersonating celebrities to feign credibility and wealth when peddling these ploys,” said Brenna Smith, a cryptocurrency researcher who writes the CryptOsint newsletter for Bellingcat.
But in this case, the hackers were somehow able to go above and beyond their usual MO of using fake accounts.
“This mass hack was unprecedented in the crypto-world because of the coordinated and systematic hijacking of verified accounts on a major social media platform,” Smith said.
Scammers frequently use accounts imitating Musk, whose account was among those hit in the latest hack, to promote schemes purporting to pay back double the amount Bitcoin users send to a given address, and they have hit platforms ranging from Twitter to YouTube. Those perpetrating the double-your-money hoaxes have netted at least $2 million in Bitcoin since the schemes first began, according to bitcoin.com.
In 2019, hackers pulled off a similar attack against Twitter co-founder and CEO Jack Dorsey. In that case, hackers gained access to Dorsey’s account through his mobile provider, AT&T. It’s unclear how, exactly, the hackers managed to get the company to give them access to his phone number on a different device, but once in control of the number they were able to send tweets via an outdated service that allowed users to tweet by sending text messages.