Last night local time, prominent and verified Twitter accounts from personal and corporate accounts started tweeting asking users to send them Bitcoin and that users would then receive twice the amount they sent.
“I’m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!”
This was clearly a crypto scam.
WARNING: @Gemini's twitter account, along with a number of other crypto twitter accounts, has been hacked. This has resulted in @Gemini, @Coinbase, @Binance, and @Coindesk, tweeting about a scam partnership with CryptoForHealth. DO NOT CLICK THE LINK! These tweets are SCAMS.
— Tyler Winklevoss (@tyler) July 15, 2020
Also, billionaires getting philanthropic was a red flag for some people.
i knew it was a scam for sure when i saw this pic.twitter.com/JrVKHKdMQ7
— skipper jawnston (@lendamico) July 15, 2020
https://twitter.com/bry_campbell/status/1283518143227400200
hackers made a bunch of billionaires say "I'm giving back to my community" like that's not the secret phrase they'd already set up to let us know they've been kidnapped https://t.co/oCRENnkzyg
— maura quint (@behindyourback) July 15, 2020
I hope amidst all of this it doesn't get lost that the scam was to pretend that during a massive health and economic crisis the richest people on the planet said that they'd give away a few thousand dollars.
— Some More News (@SomeMoreNews) July 16, 2020
The hackers got access to accounts belonging to Bill Gates, Elon Musk, Kim Kardashian, Apple, CashApp, Kanye West, Joe Biden, Barack Obama, Uber, Warren Buffett, Jeff Bezos, Benjamin Netanyahu and Mike Bloomberg.
A load of verified(!) accounts in the world of cryptocurrency were all simultaneously hijacked to spread a scam. The idea that verifying your accounts makes it more secure.. well…
Accounts hijacked: @binance, @CoinDesk, @coinbase, @Gemini, @kucoincom and many more…
— Yonathan Klijnsma (@ydklijnsma) July 15, 2020
Users on Twitter quickly tweeted that Twitter should shut down the platform.
I don't get why they don't shut down the site right now.
— Josh Barro (@jbarro) July 15, 2020
https://twitter.com/stevekovach/status/1283513247149297675
Twitter finally tweeted a statement that they were investigating.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Support (@Support) July 15, 2020
Most users thought that the hacked accounts didn’t implement 2-factor authentication on their handles but that was not the case.
It seems like some Twitter API posting service has been compromised and being used to send out fake "giveaway" tweets from popular crypto/blockchain accounts. "CryptoForHealth" is a scam.
No way are all these accounts unprotected by strong passwords and TOTP 2FA
— Andreas (aantonop Team) (@aantonop) July 15, 2020
Terminology clarification:
The accounts are not being individually hacked as traditionally reported.The Twitter authorization system is being hacked or employee access abused for Account Takeover.
You could argue this is semantics, but at least to me there is a difference.
— SwiftOnSecurity (@SwiftOnSecurity) July 15, 2020
Rumours started floating around
Rumors suggesting a Twitter employee with access to the user management panel was targeted. That would explain why none of the tweets appear to be coming from a 3rd party app and even affected accounts with 2FA.
— Mikael Thalen (@MikaelThalen) July 15, 2020
https://twitter.com/alexstamos/status/1283597839164047360
Twitter took a necessary step and blocked all 359,000 verified accounts from tweeting. Verified accounts had to go back to their alt accounts to tweet including media accounts that had to post updates and retweet them on their official handles.
You may be unable to Tweet or reset your password while we review and address this incident.
— Support (@Support) July 15, 2020
https://twitter.com/darth/status/1283542812496064512
A major catastrophe flared,
And Twitter was underprepared.
The verifieds fell:
We saw this as well.
Let chaos now reign, we declared.— Limericking (@Limericking) July 16, 2020
For a while, the unverified reigned.
https://twitter.com/omosanzalette/status/1283537111640092672
To all the bluechecks watching in silent horror as we take back what is ours:
You should move to a small town, somewhere the rule of law still exists. You will not survive here.
You are not a wolf, and this is a land of wolves now
— Comfortably Smug (@ComfortablySmug) July 15, 2020
Verified accounts seeing unverified Twitter RISE pic.twitter.com/CzVzmjkctS
— Julian Gamboa (@JulianGumbo) July 15, 2020
Blue checks watching twitter right now. #Hacked pic.twitter.com/R0o00pufY4
— @FredTJoseph BURNER (@BurnerFreds) July 15, 2020
https://twitter.com/jordylancaster/status/1283526184953884673
https://twitter.com/kjhealy/status/1283530219782053889
with no blue checks, high drama on twitter will now be constrained to questionable professional advice for creatives and teens cancelling eachother over problematic ships
— 10,000 Motivated Rats (@bombsfall) July 15, 2020
DONT SILENCE ME! @Twitter pic.twitter.com/1K2Vcp3Has
— Not LIL NAS (@NasMaraj79) July 15, 2020
Well I think we all learned a valuable lesson today pic.twitter.com/58FFi2Dqcn
— Dave Itzkoff (@ditzkoff) July 15, 2020
So what did you do while the verified accounts disappeared?https://t.co/TlggPMY8hQ
— Julian Gamboa (@JulianGumbo) July 15, 2020
Twitter right now pic.twitter.com/Lc4yPxkSEc
— Hubert Vigilla (@HubertVigilla) July 15, 2020
blue checkmark accounts be like "I know a spot" and then pic.twitter.com/9ldkg7Hqvz
— Dane Arden (@DaneFarten) July 16, 2020
Later on, Twitter allowed some verified users to return back to tweeting.
https://twitter.com/Megan_Nicolett/status/1283563478297522176
the deluge of the returning blue checks is worse than predicted
— Zack Seward (@zackseward) July 16, 2020
What Exactly Happened Then?
According to Vice, multiple sources in or around the criminal world provided screenshots of an internal Twitter panel they say is linked to the account takeovers.
So Motherboard is reporting that a Twitter employee was responsible for the hacks today using a tool that allows them to take over accounts.
All it takes is one pissed off Twitter employee to cause an international incident. https://t.co/gn2TCGeBzY
— Greg Price (@greg_price11) July 16, 2020
No amount of information security will ever prevent people from being the biggest vulnerability. https://t.co/vQWrDjVAOu
— Imran Khan (@imranzomg) July 16, 2020
https://twitter.com/dancow/status/1283596293223469056
we spoke to two hackers and we were able to independently verify they were in control of hijacked accounts today. One of them said they paid the Twitter employee to help them take over accounts; not sure on the specifics here at the moment
— Jason Koebler (@jason_koebler) July 16, 2020
Twitter was then removing the images posted on its platform and suspending users who tweeted them out.
https://twitter.com/MarkDice/status/1283572367323623424
https://twitter.com/zackwhittaker/status/1283519321076097025
https://twitter.com/alexstamos/status/1283520780362321920
In all, four sources close to or inside the underground hacking community provided Motherboard with screenshots of the user tool.
Twitter confirmed this.
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
— Support (@Support) July 16, 2020
would love to know more from twitter insiders how this went down.
“Social engineering” is a polite way of saying they tricked or flipped someone. https://t.co/9KAguHbApK
— rat king 🐀 (@MikeIsaac) July 16, 2020
Techcrunch reports that a hacker by the name Kirk had access to the internal panel on Twitter that let them take over control of users accounts.
“Send me @’s and BTC,” referring to Twitter usernames and cryptocurrency. “And I’ll get ur shit done.” reads several screenshots of a Discord chat shared with TechCrunch.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
https://twitter.com/alexstamos/status/1283624808152883200
https://twitter.com/EricaJoy/status/1283623778556116992
The severe disruption to one of the world’s largest social media platforms also highlighted its importance to everyday civic functions.
https://twitter.com/Derrick_Snyder/status/1283529433689792513
While we may think it’s funny unverified accounts were locked out, here are serious consequences here.
Twitter needs to be fully transparent with the public about what happened and what they’re doing to make sure it never happens again. https://t.co/RDszNqZWPw
— Dr. Jess Maddox (@drjessmaddox) July 15, 2020
It scary now that we know anyone can take over these prominent accounts. What happens when other malicious actors other than bitcoin scammers take over – the striking potential of Twitter to incite real-world chaos through impersonation and fraud.
— no context succession (@nocontextroyco) July 16, 2020
As the Twitter accounts of prominent people/companies are hacked, let's take note of how troubling it is for a president to announce policy decisions (including military threats) on a platform susceptible to intrusions
We're one hack away from a major international incident
— Chris Lu (@ChrisLu44) July 15, 2020
If this could happen, what’s not to say someone hacks Trump’s Twitter account and declares war/says they’ve launched an attack, etc?
— Dr. Jess Maddox (@drjessmaddox) July 15, 2020
Twitter reports that the hack targetted 130 user accounts. They didn’t specify if Direct messages were compromised too.
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
— Support (@Support) July 17, 2020
Twitter has temporarily disabled the “Download my Data” feature for everyone.
Authorities such as the FBI and the US Senate Commerce Committee have opened an investigation into the Wednesday hack and the committee has asked Twitter to brief them next week.
The FTC is also likely to begin investigations.
This is a developing story, we’ll keep updating it with new information once it becomes available.
What they are saying:
The biggest risk is that this Twitter hack wasn’t about a bitcoin scam at all, but about something we haven’t seen yet that could be much worse. Hard to know everything the hackers did with their access but hope Twitter is able to find out definitively.
— Sarah Frier (@sarahfrier) July 16, 2020
https://twitter.com/fraying/status/1283594923757862912
What if this is a coordinated effort of some sort to either a) move some money b) discredit Twitter c) create a claim in which you can then argue that powerful people should not be on Twitter?
— Cyan Banister (@cyantist) July 16, 2020
Probably the most dangerous possible kind of social media hack, thankfully used in the dumbest way I can think of. https://t.co/jOTz4Ec7Qu
— Ben Collins (@oneunderscore__) July 16, 2020
It is WAY too early to draw this conclusion. I feel like this is just the series pilot. https://t.co/xgpUK0cLv7
— felix salmon (@felixsalmon) July 16, 2020
Wow… if this is true, then there are some serious authentication issues inside of Twitter. An internal tool like that, for a company the size of Twitter, needs to have rock-solid authentication so that anyone using it is very clearly logged and identified. https://t.co/XvT5z1kc86
— Thomas Baekdal (@baekdal) July 16, 2020
a pretty sobering thing to read given that we’ve collectively outsourced our public square to private companies built for viral advertising where security and privacy are imperfect and constantly under attack https://t.co/EMakN2I6ns
— Charlie Warzel (@cwarzel) July 16, 2020
If we’re starting a nuclear war because of tweets maybe there are bigger problems at hand https://t.co/V790bwBxuC
— Ken Wattana (@KenWattana) July 16, 2020
https://twitter.com/susanthesquark/status/1283596911119757313
https://twitter.com/vladsavov/status/1283631927610626049
This is obviously a huge embarrassment for Twitter.
But, once it's fixed, we'll all move on and keep using Twitter.
Because that's what happens w/ big tech hacks now. Accepted cost of being online.
— Axios Re:Cap (@AxiosReCap) July 15, 2020
This headline strains the definition of "hacker."
Is it hacking to pay an employee for access to a secure system?
They didn't actually break any computer security. They used money.
It's super effective. https://t.co/Qw2yi3ZsxE
— Nash, Now With Flavor Crystals (@Nash076) July 16, 2020
This website should shutdown after 8 p.m. every day, tbh.
— Kalhan (@KalhanR) July 16, 2020
https://twitter.com/Yair_Rosenberg/status/1283514603494871041
https://twitter.com/mpdillon/status/1283533700005801989
