High‑profile Twitter accounts hacked to promote Bitcoin scam


Tech titans and prominent politicians among victims of a sprawling hack that Twitter says leveraged its internal tools.

Twitter is reeling from what is arguably the biggest security breach in its history after the accounts of a long list of high-profile figures – including Barack Obama, Joe Biden, Elon Musk, Bill Gates and Jeff Bezos – were hijacked and used to promote a Bitcoin scam.

The spate of attacks started late on Wednesday, with one of the first suspicious tweets then fired off from the account of the Tesla and SpaceX CEO. The now-deleted tweet followed a familiar pattern, bringing echoes of cryptocurrency scams that used Musk’s name and promised to return double the amount of bitcoin sent:

“I‘m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” read the message that appeared on Musk’s account.

RELATED READING: What to do if your Twitter account has been hacked

A flurry of similar tweets were also sent out from the other hijacked handles; apparently, some people fell for the ploy, since one of the cryptocurrency addresses has, as of the time of writing, received 12.86 BTC (some US$117,000).

The social media giant took a number of steps to swiftly remedy the situation. This included temporarily locking all compromised accounts, with Twitter stating that it would restore access only when it could do so securely. In short order, the company went on to take the unprecedented step of temporarily locking down all verified accounts, i.e. accounts marked by a blue tick.

All the while, Twitter sought to keep everyone appraised by maintaining a steady stream of tweets informing about the developing situation. Eventually, the company started restoring functionality to the accounts, allowing them to tweet again.

So, how did it all happen?

Obviously the key question that screams for an answer is: “How was the massive hack executed?” According to the microblogging site, the incidents were caused by a social engineering attack on its employees:

Meanwhile, a Motherboard article seems to suggest that there may be more to the story, as several confidential sources from the black-hat community told the site that they had actually paid a Twitter insider to do the job.

In response, a Twitter spokesperson told Motherboard that the company was looking into whether the employee had possibly hijacked the account themselves or provided the cybercriminals with access to the tool.

RELATED READING: Insider threats: A persistent and widespread problem

ESET Security Specialist Jake Moore put the issue into a broader context: “Acting like a help desk, these employee accounts were enabled to use a specific admin tool and do whatever they wanted, which is likely to be a problem for many businesses. Some organizations lend an incredible amount of trust to certain employees. However, although they may be trusted not to compromise an account themselves, it must be taken into consideration that the employees will be targeted by criminal hackers.”

He also had some advice to share urging Twitter users to watch out for online scams: “When a message seems too good to be true it probably is, regardless of who has posted it. Bitcoin doubling schemes are synonymous with the criminal fraternity and must be avoided and reported where possible.”

written by Amer Owaida, ESET We Live Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s