Twitter Hack: ‘Coordinated Social Engineering Attack’ on Employees Led to Bitcoin Scam
A massive scandal occurred on micro-blogging service Twitter yesterday as one or more hackers took over popular cryptocurrency and technology accounts to promote a Bitcoin scam.
Hacked
Early on Thursday, crypto-exchange Binance tweeted that they had “partnered up with an organization called CryptoForHealth” and that they would be “giving back 5000 BTC to the community.”
Similar messages were put out minutes apart by Coinbase, Gemini, Vitalik Buterin, Tron, Ripple, and several other prominent Twitter accounts in the crypto-sphere.
The tweets have since been deleted. Some tweets from unaffected accounts discussing the matter remain live:
https://twitter.com/tylerwinklevoss/status/1283492017041965058
The attack spread to some of the most influential and powerful verified accounts in the world, such as Joe Biden, Elon Musk, George Wallace, Bill Gates, Kanye West, Kim Kardashian, Wiz Khalifa, Warren Buffett, Mike Bloomberg, Barack Obama, and Jeff Bezos.
Business accounts from Uber, Twitter Support, Coindesk, and many others were also affected.
All the tweets were similar: the compromised accounts said they were running a Bitcoin giveaway, and the attackers ultimately pocketed north of $118,000 (12.5 BTC).
Musk Balloons Hacker Wallets, Tron Founder Issues Bounty
The boost came after Tesla CEO Elon Musk’s account was caught up in the hack. Users sent over 3.64 Bitcoin, worth $34,000, after Musk’s account posted the scam giveaway. Prior to Musk’s account being hacked, the wallet had received only 0.6527 Bitcoin after being posted on the hacked accounts of numerous exchanges.
Tron founder Justin Sun and the Tron Foundation both had their accounts hit. Sun has since launched a $1 million bounty campaign to nab those behind the scam:
“We are working closely with Twitter to resolve this issue immediately and return our accounts to normal. We are always vigilant in handling our accounts; operating safely and responsibly — taking the security of our accounts to the highest standards possible.”
He added the incident “illuminates the urgent need for our society to adopt decentralized, trustless software, and services.”
Twitter Alleges “Social Engineering” Attack
Meanwhile, Twitter responded to the incident early on July 16. Its support team tweeted:
We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.
— Twitter Support (@TwitterSupport) July 15, 2020
They later added, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweets on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” said Twitter.
For now, all “verified” user accounts have been blocked to prevent any untoward incident: “We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.”
Investigations are ongoing and updates will be made soon.