Coordinated Twitter hack hits Elon Musk, Obama, Kanye West, Bill Gates and more in Bitcoin scam



Bitcoin scammers targeted the Twitter accounts of Elon Musk, Bill Gates, Kanye West, Barack Obama and other famous tech executives, entertainers and politicians on Wednesday in what appears to be a large-scale hack. Apple, Uber and other businesses were also caught up in the sprawling hack, which Twitter later attributed to a social engineering attack on its employees.

Twitter accounts with millions of followers seemed to have been compromised, raising concerns about whether the company is doing enough to protect the security of its users. While cryptocurrency scams aren’t a new problem for Twitter, the size of Wednesday’s attack is unusual. 

“I’m feeling generous because of Covid-19,” a now-deleted tweet from Musk’s account reads. “I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!”

[Screenshot: the scam tweet sent from Bill Gates’ account, with the Bitcoin address removed. Credit: Ian Sherr/CNET]

Similar tweets were sent through the Twitter account belonging to Gates, the billionaire philanthropist and Microsoft co-founder. “I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000,” the tweet, which was deleted, read.

The scam tweets would periodically vanish, only to reappear minutes later. 

A spokesperson for Gates confirmed the tweet wasn’t sent by the billionaire.

“We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account,” the spokesperson said in a statement. 

Obama’s account tweeted a message similar to those sent from Musk’s and Gates’ accounts. In a tweet sent to his 120 million followers, Obama’s account said that he was giving back because of the novel coronavirus and would double all bitcoin sent to his address for the next 30 minutes.

It wasn’t immediately clear how the hack was conducted or how many accounts were impacted, although Twitter did provide an update late Wednesday indicating that while its investigation into the hack was ongoing, it had determined it to be the result of a “coordinated social engineering attack.”

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said in a tweet.

But for the hack’s first two hours, Twitter still didn’t have a handle on the incident. In a tweet, the company said some users might not be able to tweet or reset their passwords while it reviews and tackles the problem. Twitter also began removing tweets of screenshots showing internal tools that were possibly used in the attack.

Twitter CEO Jack Dorsey tweeted Wednesday evening that it was “a tough day for us at Twitter” and promised to share the company’s findings when it completed its diagnosis of the hack.

Some users who tried to tweet got an error message; this appeared to apply only to verified users with “blue checks.”

“This request looks like it might be automated. To protect our users from spam and other malicious activity, we can’t complete this action now. Please try again later,” the message read. Twitter didn’t respond to questions about whether only verified accounts couldn’t tweet. 

Twitter has now removed this restriction. Users with verified accounts are now able to tweet again, but Twitter Support stated that functionality may “come and go”.

“We’re working to get things back to normal as quickly as possible,” the tweet read.

The scam tweets end with a link where unsuspecting readers can send Bitcoin. As of Wednesday afternoon, a spot check of the BTC address from the tweets shows a total received of 12.30776555 BTC, roughly $113,572.

The Wednesday hack isn’t the first time that Twitter accounts have been compromised by scammers. In 2018, hackers took control of the verified Twitter accounts of Target and Google’s G-Suite. Twitter said that hackers in that attack exploited a third-party marketing service, not its own system. Twitter then banned cryptocurrency ads, but that hasn’t stopped scammers from coming back to the platform. 

Even Dorsey hasn’t been immune from hacking. In 2019, Dorsey’s account was compromised and the hackers tweeted out sexist, racist and anti-Semitic comments. Twitter said there was a security issue with Dorsey’s mobile provider that allowed the hackers to compose and send tweets from his account via text message. In a tactic known as SIM swapping, a hacker bribes an employee of a mobile provider to get them to switch the numbers tied to the SIM card. That allows the hacker to bypass security measures such as two-factor authentication.

Politicians on Wednesday were urging others not to fall for the Bitcoin scam and some reached out to Dorsey for answers. Sen. Josh Hawley, a Republican from Missouri, asked Dorsey in a letter to respond to questions such as whether the attack threatened the security of President Donald Trump’s account and its impact on the security of other users.

“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” he said in the letter. “A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”

Musk and Gates weren’t the only high-profile accounts that appear to have been compromised. Scammy tweets were seen in the feeds for fast food chain Wendy’s, Democratic presidential candidate Joe Biden, philanthropist Warren Buffett, musician Wiz Khalifa, Amazon CEO Jeff Bezos and celebrity Kim Kardashian. Scammers also appear to have targeted athletes, such as former professional boxer Floyd Mayweather and even a popular parody account for God, along with cryptocurrency businesses.

“ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED,” tweeted Cameron Winklevoss, co-founder of the Gemini cryptocurrency exchange. “We are investigating and hope to have more information shortly.”

“WARNING: @Gemini’s twitter account, along with a number of other crypto twitter accounts, has been hacked,” added Tyler Winklevoss, echoing his twin brother and Gemini co-founder’s concern. “This has resulted in @Gemini, @coinbase, @binance, and @CoinDesk, tweeting about a scam partnership with CryptoForHealth. DO NOT CLICK THE LINK! These tweets are SCAMS.”

Tesla didn’t immediately respond to a request for comment. In the US, #hacked was trending along with Bitcoin and #twitterhacked. 

source: cnet.com