A mass Twitter hack that saw high profile users such as Bill Gates, Elon Musk, and Barack Obama compromised and embroiled in a Bitcoin scam yesterday was a “coordinated social engineering attack” according to the company. Despite having access to the accounts of some of the richest and most powerful people and companies in the world, the hackers only managed to net some ₿13 in what appears to have been a lucky escape for the platform.
Twitter Hack Nets ₿13 for Hackers
The true scale of the Twitter hack is not yet known, but what is understood is that hackers managed to take over the accounts of a number of high-profile individuals and companies, which they used to direct users to a fake website under the pretence of a Bitcoin giveaway. When the website was swiftly blocked by Cloudflare the hackers turned to one of the oldest tricks in the Bitcoin scam book:
Sadly, it seems that many individuals took the scam postings to be genuine and sent cryptocurrency to the addresses in the hope of getting double their money back. The exact amount of money taken is not clear, but according to Chainalysis the primary address used by the scammers has netted them almost ₿13 ($117,000), with ₿4.34 coming from one wallet:
[THREAD] Here’s what we know so far about today’s #Twitterhack & #Bitcoinscam. As of now, the scam’s main BTC address (bc1…0wlh) received ~$120k in donations in 375 transactions. No funds have been cashed out at exchanges yet. pic.twitter.com/Jg9og3CFCz
— Chainalysis (@chainalysis) July 16, 2020
As of last night none of the funds resulting from the Twitter hack have been sent to exchanges for cashing out, with Huobi, Binance (who were also hacked), and other exchanges saying that they were blacklisting the addresses associated with the received funds.
Twitter Reveals “Coordinated Social Engineering” Attack
Twitter were slow to respond to the hack but eventually shut down the affected accounts before investigating what had happened. It became clear fairly early on that the breach was an incredibly serious one, perhaps even an inside job. As usual, various theories behind the Twitter hack emerged before Twitter themselves revealed the cause, blaming “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Once again this illustrates the fact that humans are the biggest point of failure in any security system, and in many ways the world has had a lucky escape. With Twitter seen as the primary method by which some of the world’s most powerful people share their opinions and intentions, the fact that hackers used the unparalleled access obtained by the Twitter hack to try and steal some Bitcoin was almost unbelievable, as Waves founder Sasha Ivanov pointed out:
The hacker could have started the World War 3.
Instead he scammed people out of 2.5 BTC #twitterhack
— Sasha Ivanov (@sasha35625) July 15, 2020
The situation is now under control, with Twitter keeping the impacted accounts locked while their investigation continues. No doubt more information will emerge over time, but it is clear that scammers are becoming more devious and seeking out bigger goals than ever.