Earlier today at around 3 p.m. Eastern time, the Twitter accounts of several high-profile individuals, cryptocurrency companies and other brands were taken over by suspected bitcoin scammers. This far-reaching hack was an attempt to get unsuspecting people to transfer bitcoins to an address linked within the tweets of compromised accounts.
From verified Twitter accounts such as Barack Obama and Joe Biden to Elon Musk and Bill Gates, a similar message was tweeted repeatedly as users scrambled to delete them. The text stated that the individual’s account was “giving back to the community” and promised that every $1,000 sent to the address would be returned as $2,000, ending with “Only doing this for 30 minutes.” Similar tweets were also seen on the accounts of major brands, including Apple and Uber, as well as cryptocurrency companies like Coinbase.
So far, it appears that many individuals ultimately believed that the tweets were authentic, despite many Twitter users calling them out as fake even before the company took notice. A closer look at the bitcoin address used in the scam reveals that around 350 transactions have already taken place in just three hours since the first recorded transaction occurred at 3:03 p.m. Eastern time. In that timeframe, the scammers received over 12.8 BTC, totaling nearly $118,000.
The exact method of the hacks is still unknown, but Twitter stated it was looking into the issue and attempting to fix it. An official tweet from the company’s Twitter account said, “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.” Some of the accounts that were hacked also later stated they had multi-factor authentication turned on.
Despite this, numerous people speculated on potential ways the scammers gained access to the accounts, such as user ImNotTheWolf, who posted a theory about hackers gaining access to the “Twitter Panel,” which would require hacking a Twitter admin or employee. With that kind of access, they theorized that the emails and passwords of any hacked account could be changed without their knowledge. Twitter user UnderTheBreach also shared a similar theory in their tweet, which included “likely the panel of the compromised Twitter employee.” Another user, Ankit Panda, posted screenshots revealing a bitcoin wallet thought to be associated with “the neo-Nazi Andrew Auernheimer,” or Weev, who allegedly sent a small amount in BTC to the address.
It seems like the hackers got access to “Twitter Panel”, which is basically hacking one of the Twitter admins/employees. This gives direct admin access to accounts and allows individuals to change e-mail & password.
— wolf (@ImNotTheWolf) July 15, 2020
While this hack is perhaps the most prominent on Twitter to date, it’s not the first case of social media accounts being hacked to post messages against their owner’s will. In August 2019, the Chuckling Squad Hacks similarly spammed messages on the accounts of popular YouTubers and actors, such as James Charles and Jack Dorsey; those takeovers were performed via AT&T SIM card replacements.
Alright, a running list of who’s getting hacked on Twitter rn
– Gemini & crypto things i don’t understand
– Cash app
– Elon Musk
– Bill Gates pic.twitter.com/M0MUFdbr5t
— Paige Leskin (@paigeleskin) July 15, 2020
As Twitter scrambled to remedy the attack, several users and other noteworthy accounts also began posting parodies of the message, attempting to make light of the situation. In one such instance, Wendy’s tweeted out a similar phrase, but swapped the address to “Dave444spicy245nuggets10piece.”
After roughly three and a half hours of the attack hitting the platform, Twitter briefly locked all verified accounts in an attempt to shut down the hacks of such users. Know Your Meme’s own Twitter account confirmed this and was unable to post later in the afternoon as the story unfolded and received widespread coverage from media outlets across the web. The accounts have since been restored.
all of unverified twitter pic.twitter.com/sFJltaj6C7
— Annie Palmer (@annierpalmer) July 15, 2020