Bitcoin Twitter hack: What happened and who was targeted?

Criminals targeted multiple high-profile celebrities and companies in an unprecedented Bitcoin scam
Ewan Somerville16 July 2020

If you were on Twitter late last night, you’ll have noticed it was far from a familiar place.

Every blue-check verified account was blocked from tweeting, and while some rejoiced in this fact and made light of it, the situation was more serious.

Criminals had targeted Twitter with an unprecedented Bitcoin scam, infiltrating scores of celebrity accounts.

So what exactly happened and what do we know so far? Here’s everything you need to know.

The Twitter accounts of a number of big names were targeted as part of the hack

What was the Bitcoin Twitter hack?

The Bitcoin scam saw dozens of high-profile accounts send tweets urging users to transfer $1,000 (£794) with a link to a Bitcoin address.

In return, users were promised that their money would be doubled to $2,000 and returned to them.

Bitcoin, often termed as a cryptocurrency, a virtual currency or a digital currency, is a type of money that is completely virtual.

The hackers tweeted the same Bitcoin address across multiple Twitter accounts, with only minor variations to the wording of each tweet, such as saying they felt “generous” or wanted to “give back”.

A tweet on the account of Microsoft founder Bill Gates, for example, read: "Everyone is asking me to give back… You send $1,000, I send you back $2,000."

As Twitter bosses scrambled to stop the far-reaching hack, extraordinarily by 20:30 EDT (00:30 GMT Thursday) every verified account was blocked from tweeting for around three hours.

Who was targeted?

A lot of people, with millions and millions of followers, most of them US-based.

Billionaires Elon Musk, Jeff Bezos and Bill Gates, to name a few, along with Warren Buffett, Kanye West, Kim Kardashian, Joe Biden, Wiz Khalifa and Floyd Mayweather.

Former US president Barack Obama was among those targeted.
Twitter

Top global corporations with millions of followers were also breached, including the official accounts of Apple and Uber.

The hacker(s) appears to have targeted very famous accounts that would spread the scam as far as possible in as short a timeframe as possible, dubbed a digital “smash and grab” by some commentators.

Given the amount of access they managed to gain, the hackers could have done much more damage to the reputations of the figures involved. However, they would have known the tweets would have been deleted hastily - and they were - so gaining quick cash seems to have been the overriding aim.

That said, the Bitcoin tweets on some accounts, such as Kim Kardashian's, stayed up for more than an hour and we don’t know yet how much private information the hackers managed to steal.

As of yet, it’s unclear who was responsible, however, sources close to or inside the hacking community told VICE that a Twitter insider was responsible, with one saying they paid the insider. These reports are unconfirmed.

What has Twitter said in response to the security breach?

The attention has quickly turned to Twitter, given it seems likely that the hackers breached the firm’s central security systems, essentially giving them admin rights to go after any account they wanted.

Twitter’s support account initially tweeted at 10.45pm GMT on Thursday to say they were “aware of a security incident” and warning verified users they “may be unable to Tweet or reset your password while we review and address this incident”.

Marten Bjork / Unsplash

These sweeping restrictions were not lifted until three hours later, at 1.41am.

The social network's co-founder, Jack Dorsey, tweeted: "Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."

Twitter has now said in a statement that its investigation is “still ongoing”, adding: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

Twitter CEO Jack Dorsey said he feels terrible about what has happened
AFP via Getty Images

“Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.

“We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

“This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.

“We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.”

“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in