On Wednesday, July 15, 2020, a number of high profile Twitter accounts were hacked in a “coordinated social engineering attack”. The hackers targetted employees with access to the “internal system and tools“ and used that to their advantage. Some of the accounts that were targetted had followers in millions, they used these accounts to launch a cryptocurrency scam. The accounts that were hacked included those of Elon Musk, Apple, Jeff Bezos, Bill Gates, Brack Obama, Joe Biden, Kim Kardashian West, Wiz Khalifa, Uber, Wendy’s Mike Bloomberg, MrBeast, CashApp and Warren Buffet.
The hackers initially posted a message on the compromised accounts of Elon Musk, Apple, and Joe Biden and after a few hours on the others. The message mentioned that any amount of money sent in the form of Bitcoin to the mentioned wallet address would be doubled and returned to the sender, this a well-known cryptocurrency scam. The hackers also targetted Bitcoin trading sites like CoinBase, Binance, Coindesk, Ripple, and Bitcoin. Initial tweets said that “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community,” followed by a link to a website. The hack remained quite mysterious even after hours as the tweets came from official twitter handles of a number of famous people and companies.
Twitter’s CEO later Tweeted “Tough day for us at Twitter. We all feel terrible this happened.” Twitter had to take drastic actions to stop this, they initially said that they were looking into the security breach. Later on, they suspended activities like Tweeting, changing passwords, and other functionalities all together for verified accounts. The functionalities returned back to normal by 20:30 EDT (00:30 GMT Thursday) but were said that they might come and go as the team was working on a fix. Dmitri Alperovitch, co-founder of CrowdStrike, a cybersecurity company said that this appears to be the worst hack of a major social media platform as of now.
The identity of the perpetrators is unknown as of now as no one has claimed responsibility, but it is known that they had access to tools used by the companies employees. The tools in question enable the user to control the access to an account, changing email and passwords for the account and even suspending it altogether. It is hypothesized that the hacker got access to tools by compromising an account for a Twitter employee and used it to gain access to the internal controls. Scams like these have occurred in the past as well as they are quite common, but Wednesdays hack was quite unprecedented.
The exact amount of how much money was scammed from people is unknown but it is estimated that it was more than $100,000 in a few hours. Hackers and scammers tend to add stolen funds to their Bitcoin wallets as they do not fall under the same categories of that of a bank account. As mentioned before the people behind this are still unknown but their motives were quite clear. They wanted to make as much money as possible in the shortest amount of time before their hack was identified. They could have done quite a lot of damage as the targetted accounts had influenced millions if not billions of people.
People who have lost their Bitcoins are quite furious and have questions regarding how Twitter could let this happen. Cameron Winklevoss, who is the world’s first Bitcoin billionaire tweeted warning on Wednesday saying that this is a “scam” and people should not participate in this. Security experts suggest that such a large number of accounts being breached at once shows that there is a bigger problem with Twitter upon which they need to work.