Hack Alert: Cybercriminals Take Over Popular Twitter Accounts to Expose Users to a Bitcoin Scam
What do you need to do if you want to make more than $100 thousand in a few short hours? Provided you're not bothered about things like breaking the law and potentially going to jail if you get caught, it's not that difficult at all. You just need to hijack some popular accounts on Twitter and run a bitcoin scam of unprecedented proportions.
Yesterday, hackers attacked some of Twitter's most influential users. Among the victims were politicians Barack Obama, Joe Biden, and Mike Bloomberg, entrepreneurs Elon Musk, Jeff Bezos, and Bill Gates, musicians Kanye West and Wiz Khalifa, as well as Apple's and Uber's corporate accounts. Quite a few cryptocurrency-related accounts were also hijacked, and they were all harnessed in what is a decidedly simple bitcoin scam.
You give me one bitcoin, and I'll give you two bitcoins
The hackers used the compromised accounts to promise millions of followers money in exchange for processing a cryptocurrency transaction. Users were told that if they send some bitcoins to an address specified in the tweets, they will receive double that amount in their own wallets shortly thereafter. Apart from the fact that some accounts quoted the COVID-19 crisis as the reason for the giveaway while others claimed that it's done out of pure generosity, all the tweets were pretty much the same.
With the cryptocurrency-related accounts, the hackers adopted a slightly different strategy. Instead of advertising the giveaway in a tweet, they linked recently registered domains that pushed the same scheme with the same bitcoin address.
It wasn't the first scam of this type, but it's fair to say that it had never been done on such a scale before. To give people a sense of urgency, most of the tweets claimed that the giveaway would last for 30 minutes only, and this seems to have paid off.
Naïve users send more than $100 thousand worth of cryptocurrency to the scammers
The attack was certainly unprecedented, but there was nothing innovative about the scam itself. The hackers didn't even bother to use multiple bitcoin addresses in order to cover their tracks more effectively.
You'd think that the lack of sophistication, coupled with the fact that people should really know by now that "money-for-nothing" schemes on the internet don't work, would turn this into a blown opportunity for the hackers. This is not quite the case.
Because the hackers used a single bitcoin address, it's pretty easy to see how much money people have sent. According to Blockchain.info, as of the time of writing, the incoming transactions to the crooks' bitcoin wallet total 12.8 BTC or around $117 thousand. Some might argue that given the enormous number of potential victims, this isn't that much, but considering the fact that some of the scam tweets were removed mere minutes after they were posted, it's not a bad paycheck.
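The reuse of one address across many hijacked accounts, together with the doubling promise and the 30-minute deadline, is also a signal a platform's abuse team can detect. The Python code below is an added example, not code from Twitter or from the original article; the account names, the address, the lure patterns and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format-only address patterns (legacy Base58 and bech32); checksums are not verified.
ADDR_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")
# Lure signals taken from the article's description: doubling promise, short deadline, "send".
LURE_PATTERNS = [
    re.compile(r"\bdoubl\w*", re.I),
    re.compile(r"\b\d+\s*(?:minutes?|mins?|hours?)\b", re.I),
    re.compile(r"\bsend\b", re.I),
]

def find_coordinated_giveaways(posts, min_accounts=3, window=timedelta(minutes=60)):
    """Map each address to the accounts that pushed it, when at least
    min_accounts distinct accounts posted it with lure wording inside one window."""
    sightings = defaultdict(list)  # address -> [(timestamp, account)]
    for account, ts, text in posts:
        if sum(bool(p.search(text)) for p in LURE_PATTERNS) < 2:
            continue  # an address alone (e.g. a donation link) is not a lure
        for addr in set(ADDR_RE.findall(text)):
            sightings[addr].append((ts, account))
    flagged = {}
    for addr, seen in sightings.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):  # sliding window over time-ordered sightings
            while seen[end][0] - seen[start][0] > window:
                start += 1
            accounts = {acct for _, acct in seen[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[addr] = sorted(accounts)
                break
    return flagged

# Constructed sample data: the address and account names are made up.
T0 = datetime(2020, 1, 1, 12, 0)
SCAM_ADDR = "bc1q" + "testaddress" + "0" * 27
SAMPLE_POSTS = [
    ("acct_a", T0, f"Giving back! Send BTC to {SCAM_ADDR} and I send double. Only 30 minutes."),
    ("acct_b", T0 + timedelta(minutes=4), f"BTC sent to {SCAM_ADDR} gets doubled for 30 minutes"),
    ("acct_c", T0 + timedelta(minutes=9), f"Send to {SCAM_ADDR}, receive double back. 30 min only!"),
    ("shop", T0 + timedelta(minutes=5), "Donations welcome at 1ConstructedDonationAddr11111111"),
]

if __name__ == "__main__":
    for addr, accounts in find_coordinated_giveaways(SAMPLE_POSTS).items():
        print(f"{addr}: posted by {', '.join(accounts)}")
```

Requiring several distinct accounts and at least two lure signals keeps an ordinary donation post, such as the constructed "shop" entry, from being flagged.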
Twitter: It was a social engineering attack against our employees
Twitter did act quickly, which, given the large number of high-profile accounts that were involved, shouldn't really be a surprise. The tweets were deleted immediately, and for a few hours, some of the account owners remained unable to tweet or reset their passwords while the microblogging platform's security team cleaned up the mess.
Not surprisingly, people were wondering how the hackers managed to get in, and many remembered the day when Twitter announced that it had accidentally pasted the plaintext passwords of all its 330 million users in an internal file. Back then, the social media platform asked all users to change their passwords, though it did point out that only employees had access to the login data. We've seen no evidence of any leaks because of the bug, but when prominent people started pushing the bitcoin scam yesterday, some security professionals thought that the passwords might have found their way to the outside world after all. It turned out, however, that May 2018's bug had nothing to do with it.
The investigation is still ongoing, but Twitter's support team has already announced that the hackers organized "a coordinated social engineering attack" against some of the social media platform's employees. Indeed, shortly after the first scam tweets were posted, some screenshots appeared, suggesting that although the hackers had no access to the compromised accounts' passwords, they controlled a backend tool that could post on behalf of the victims. According to Motherboard sources, the crooks may have gained access to these tools after bribing a Twitter employee.
Whatever the case, if you've ever wondered how much influence social networks have on people's lives, this should be a pretty good example. Owners of prominent Twitter and Facebook accounts must know that every word they post can elicit all manner of reactions from their followers and fans, and they must take this responsibility very seriously. Social media users must learn not to trust everything they see on the internet, even when it appears to be coming from people they admire.
Twitter, in the meantime, has a lot of investigation to do, and many lessons to learn.