A massive and unprecedented cyberattack took place on Wednesday, July 15, on the social media platform, Twitter. Major companies and individuals’ Twitter accounts have been compromised in a bitcoin scam aimed at earning money. In a series of coordinated attacks, scammers asked users to send money to a bitcoin wallet. The tweets claimed that their owners would double and send back the amount of any payment made to the address, which is a well-known cryptocurrency scam technique.
The hacked accounts include those of Barack Obama, Elon Musk, Kanye West, Joe Biden, Bill Gates, Michael Bloomberg, Apple, Uber, Jeff Bezos, Jack Dorsey, and others.
The first accounts to be hacked were those of Elon Musk, Apple, and Joe Biden. Then the accounts of Jeff Bezos, Bill Gates, Uber, CashApp, Mike Bloomberg, and Barack Obama followed.
Bill Gates’ spokesperson said, “We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account.”
The accounts belonging to Binance, Ripple, Gemini, CoinDesk, and other major cryptocurrency companies have also been compromised, but the messages posted by scammers were a bit different.
The social media giant acknowledged the issue after an hour at 2:45 PM ET by tweeting on its Support page:
Shortly after the attack happened, Twitter made sure to lock compromised accounts and block new tweets from verified users, regardless of whether they’ve been compromised or not. In the evening, Twitter claimed that most tweeting should be back to normal.
All tweets from the Apple account have been deleted. Most likely, the hackers did not hack the user accounts themselves, they somehow managed to get access to the admin panel of the social network. Because of this, Twitter shares have already dropped 4%. And, perhaps, this is not the limit.
It is still unclear how exactly the attack happened or what Twitter’s systems have been compromised. Later in the evening of that day, the social media platform revealed that internal employee tools were used for the hack. That is probably why even accounts with two-factor authentication were compromised.
Accessing this internal portal would have required gaining the credentials of a Twitter employee or finding a security loophole in the login system. This way, a cybercriminal could have been able to change the email address associated with the account, and then change the password and take over the account completely.
The main blockchain address used in this scam had already gathered more than 12.5 bitcoin, which equals $116,000.
Earlier this year, more than ten Twitter account belonging to NFL teams were hacked as well.
Twitter CEO Jack Dorsey later tweeted about the incident:
In fact, his kind of hack that Twitter experienced is really common. Scammers take over Twitter accounts to steal money from users under the guise of doubling their “investment.” Therefore, the Internet Protocol team does not recommend anyone transfer any funds, including cryptocurrency, to scammers. Please do not fall for the tricks of cybercriminals.