
Coordinated Twitter hack hits Elon Musk, Obama, Kanye West, Bill Gates, and more in Bitcoin scams


Bitcoin fraudsters targeted the Twitter accounts of Elon Musk, Bill Gates, Kanye West, Barack Obama, and other famous tech managers, entertainers, and politicians on Wednesday in what seems to be a big hack. Apple, Uber, and other companies were also caught up in the sprawling hack, which Twitter later attributed to a social engineering attack on its employees.

Twitter accounts with millions of followers appeared to have been compromised, raising concerns as to whether the company was doing enough to protect the security of its users. While cryptocurrency fraud is not a new problem for Twitter, the size of the attack on Wednesday is unusual.

“I feel generous about Covid-19,” says a tweet that has since been deleted from Musk’s account. “I will double every BTC payment sent to my BTC address for the next hour. Good luck and stay safe out there!”

This is the scam tweet sent from Bill Gates’ account. (The Bitcoin address has been removed from this screenshot.)

Screenshot by Ian Sherr / CNET

Similar tweets were sent from the Twitter account of Gates, the billionaire philanthropist and Microsoft co-founder. “I will double all payments sent to my BTC address for the next 30 minutes. They will send $1,000, I will send you back $2,000,” read the deleted tweet.

The scam tweets repeatedly disappeared, only to reappear a few minutes later.

A Gates spokesman confirmed that the tweet was not sent by the billionaire.

“We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger problem that Twitter is facing. Twitter is aware of this and is working to restore the account,” the spokesman said in a statement.

Obama’s account tweeted a message similar to those shared by the accounts of Musk and Gates. In a tweet sent to his 120 million followers, Obama’s account said that he would give something back because of the novel coronavirus, and that he would double the total bitcoin sent to his address for the next 30 minutes.

It was not immediately clear how the hack was carried out or how many accounts were affected, although Twitter provided an update late Wednesday, while its investigation was ongoing, indicating that the hack was the result of a “coordinated social engineering attack.”

“We have found that we believe it is a coordinated social engineering attack by people who have successfully attacked some of our employees with access to internal systems and tools,” Twitter said in a tweet. (Tips for securing your Twitter account can be found in this CNET story.)

But in the first two hours of the hack, Twitter still didn’t have the incident under control. In a tweet, the company said some users may not be able to tweet or reset their passwords while it reviews and addresses the problem. Twitter also removed tweets containing screenshots of internal tools that may have been used in the attack.

Jack Dorsey, CEO of Twitter, tweeted Wednesday night that it would be “a tough day for us on Twitter” and promised to share the company’s findings once its diagnosis of the hack is complete.

Some users who tried to tweet received an error message. This only seemed to apply to verified users with “blue checks”.

“This request appears to be automated. To protect our users from spam and other malicious activity, we cannot do this now. Please try again later,” the message said. Twitter didn’t answer questions about whether only verified accounts couldn’t tweet.

Twitter has now lifted this restriction. Users with verified accounts can now tweet again, but Twitter support indicated that functionality can “come and go”.

“We’re working to get things back to normal as soon as possible,” the tweet said.

The scam tweets end with a link to which unsuspecting readers can send Bitcoin. As of Wednesday afternoon, a sampling of the BTC address from the tweets shows that it has received a total of 12.30776555 BTC, which is approximately $113,572.

Wednesday’s hack is not the first time that Twitter accounts have been compromised by fraudsters. In 2018, hackers took control of the verified Twitter accounts of Target and Google’s G Suite. Twitter said the hackers used a third-party marketing service, not its own systems, for the attack. Twitter then banned cryptocurrency ads, but that didn’t stop fraudsters from returning to the platform.

Even Dorsey wasn’t immune to hacking. In 2019, Dorsey’s account was compromised and the hackers tweeted sexist, racist, and anti-Semitic comments. According to Twitter, a security issue with Dorsey’s mobile operator allowed hackers to send tweets from his account via text message. In a tactic known as SIM swapping, a hacker bribes an employee of a cellular service provider to change the number tied to the SIM card. This enables the hacker to bypass security measures such as two-factor authentication.

Politicians on Wednesday urged others not to fall for the Bitcoin scam, and some turned to Dorsey for answers. Josh Hawley, a Missouri Republican, asked Dorsey in a letter to answer questions such as whether the attack threatened the security of President Donald Trump’s account and what effect it had on the security of other users.

“I’m concerned that this event is not just a coordinated series of separate hacking incidents, but rather a successful attack on Twitter’s security itself,” he said in the letter. “A successful attack on your system’s servers poses a threat to your users’ privacy and data security.”

Musk and Gates weren’t the only high-profile accounts that appeared to be compromised. Fraudulent tweets appeared in the feeds of fast food chain Wendy’s, Democratic presidential candidate Joe Biden, philanthropist Warren Buffett, musician Wiz Khalifa, Amazon CEO Jeff Bezos, and celebrity Kim Kardashian. Fraudsters also seem to have targeted athletes like former professional boxer Floyd Mayweather and even a popular parody account for God, as well as cryptocurrency exchanges.

“ALL IMPORTANT CRYPTO-TWITTER ACCOUNTS WERE COMPROMISED,” tweeted Cameron Winklevoss, co-founder of Gemini cryptocurrency exchange. “We are investigating and hope to receive more information shortly.”

“WARNING: @Gemini’s Twitter account has been hacked along with a number of other crypto Twitter accounts,” added Tyler Winklevoss, echoing the concerns of his twin brother and Gemini co-founder. “This has resulted in @Gemini, @coinbase, @binance and @CoinDesk tweeting about a fraud partnership with CryptoForHealth. DO NOT CLICK THE LINK! These tweets are fraudulent.”

Tesla did not immediately respond to a request for comment. In the US, #hacked was trending along with Bitcoin and #twitterhacked.
