Several high-profile Twitter accounts were hijacked on Thursday and used to tweet a familiar bitcoin scam. The accounts included those of prominent politicians, including presumptive Democratic presidential nominee Joe Biden and former US President Barack Obama; corporations such as Apple and Uber; business executives such as Warren Buffett, Bill Gates and Elon Musk; cryptocurrency firms such as Gemini and CoinDesk; and celebrities such as Kanye West and Kim Kardashian West.
The attack is unprecedented in scale and sent Twitter into firefighting mode. In a series of tweets, Twitter acknowledged the incident and attributed it to a "coordinated social engineering attack" by people who successfully targeted some of its employees with access to internal systems and tools. The scam tweets have since been deleted, and the affected accounts have been locked down.
The public Bitcoin ledger shows that the address tweeted from these accounts, which is controlled by the scammer, had received more than $115,000 worth of bitcoin by the time this story was published.
Here's what we know about the attack so far.
Who was targeted?
The known victims include the verified Twitter handles of the politicians, celebrities, corporate bosses and companies named above.
What did the attack include?
The attackers hijacked these accounts and tweeted the following message (or a close variant) from the compromised handles:
"I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000"
BTC is the ticker symbol for bitcoin, analogous to INR or USD for their respective currencies.
Each tweet also carried a recipient bitcoin address, and the compromised handles all posted the same or similar addresses. Refer to the similarity in the BTC addresses in the screenshots below. A single payout address shared across many unrelated accounts is the simplest indicator of the campaign, and it is also what an exchange can block outright, as Gemini did (see below).
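As an added illustration, not part of the original story and not code from Twitter or Gemini, the Python below turns the two signals described above, the "send X, get 2X back" wording and a shared bitcoin address, into a simple detector and clusters posts by payout address, the same pivot an exchange uses when it blocklists an address. The handles and tweet texts are constructed; the one valid address is the well-known Bitcoin genesis-block address, used only because its Base58Check checksum verifies, and it has nothing to do with this incident. The example assumes only legacy base58 addresses (starting with 1 or 3) need checking; bech32 (bc1...) addresses are left out.

```python
import hashlib
import re
from collections import defaultdict

# Added example: detector for "send X, get 2X back" scam tweets that share a
# payout address. Not code from Twitter, Gemini or the original story.

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B58_INDEX = {c: i for i, c in enumerate(B58_ALPHABET)}

# Candidate legacy bitcoin addresses (P2PKH starts with 1, P2SH with 3).
# Assumption: bech32 (bc1...) addresses are out of scope for this example.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Wording typical of the doubling scam; any one hit is enough.
SCAM_PHRASES = [re.compile(p, re.I) for p in (
    r"\bdoubl(e|ing)\b",
    r"\bsend\b.{0,40}\b(send|get|receive)\b.{0,20}\bback\b",
    r"\bgiv(e|ing)\s+back\b",
)]


def base58check_decode(addr):
    """Return (version_byte, payload) if addr is valid Base58Check, else None."""
    n = 0
    for ch in addr:
        if ch not in B58_INDEX:
            return None
        n = n * 58 + B58_INDEX[ch]
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' in the string encodes one leading zero byte.
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw
    if len(raw) != 25:            # 1 version + 20 hash160 + 4 checksum
        return None
    body, checksum = raw[:21], raw[21:]
    if hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] != checksum:
        return None
    return body[0], body[1:]


def is_valid_btc_address(addr):
    """True only if the checksum verifies and the version is mainnet P2PKH/P2SH."""
    decoded = base58check_decode(addr)
    return decoded is not None and decoded[0] in (0x00, 0x05)


def classify_tweet(text):
    """Flag a tweet only when scam wording AND a checksum-valid address co-occur."""
    addresses = [a for a in ADDR_RE.findall(text) if is_valid_btc_address(a)]
    phrase_hits = sum(1 for p in SCAM_PHRASES if p.search(text))
    return {
        "addresses": addresses,
        "phrase_hits": phrase_hits,
        "suspicious": bool(addresses) and phrase_hits > 0,
    }


def cluster_by_address(tweets):
    """Map each payout address to the sorted list of handles that posted it.

    tweets: iterable of (handle, text). Several unrelated handles pushing the
    same address within minutes is the campaign-level signal; that address is
    also exactly what an exchange puts on its withdrawal blocklist.
    """
    clusters = defaultdict(set)
    for handle, text in tweets:
        result = classify_tweet(text)
        if result["suspicious"]:
            for addr in result["addresses"]:
                clusters[addr].add(handle)
    return {addr: sorted(handles) for addr, handles in clusters.items()}


# Constructed sample data. GENESIS is the public Bitcoin genesis-block address,
# used only because its checksum verifies; it is unrelated to this incident.
# BROKEN is the same string with its last character changed, so its checksum
# fails and a naive regex-only matcher would be fooled by it.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
BROKEN = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"

SAMPLE_TWEETS = [
    ("@exchange_a", "I am doubling all payments sent to my BTC address for the "
                    "next 30 minutes. You send $1,000, I send you back $2,000! " + GENESIS),
    ("@exec_b",     "Feeling generous. Send BTC and I will double it: " + GENESIS),
    ("@bigco_c",    "Giving back to the community. Double your bitcoin now " + GENESIS),
    ("@news_d",     "Do not send bitcoin to anyone promising to double it; "
                    "exchanges are blocklisting the scam address."),
    ("@typo_e",     "I am doubling all payments sent to " + BROKEN),
]

if __name__ == "__main__":
    for addr, handles in cluster_by_address(SAMPLE_TWEETS).items():
        print(addr, "->", handles)
```

Requiring both the wording and a checksum-valid address keeps the warning tweet from @news_d (scam wording, no address) and the mistyped address from @typo_e out of the cluster, while the three handles that posted the same valid address collapse into one group keyed by that address.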
How have Twitter and others responded?
Twitter Support spelt out what it knew in a series of tweets.
The company said the attackers gained access to its internal admin tools through what it called a "coordinated social engineering attack" on employees, and added that its investigation is ongoing.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.— Twitter Support (@TwitterSupport) July 16, 2020
To contain the damage, Twitter locked down the affected accounts and restricted what other verified accounts could do, even where it had no evidence that they had been compromised, saying it would restore access only once it was confident it could do so securely.
Earlier, it had restricted some abilities across many accounts, including the ability to change passwords and to tweet, but later said that functionality had been restored for most accounts.
They have also made some changes internally.
Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.— Twitter Support (@TwitterSupport) July 16, 2020
Jack Dorsey, Twitter's CEO, said Twitter would share further updates as its investigation progressed.
Tough day for us at Twitter. We all feel terrible this happened.— jack (@jack) July 16, 2020
We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
Tyler Winklevoss, of Facebook fame and CEO of the cryptocurrency exchange Gemini, also confirmed the hack and said Gemini had added the scammer's BTC addresses to its blocklist so that its customers could not send funds to them.
Earlier today, Twitter accounts were hijacked in an attempt to trick individuals into sending bitcoin to addresses owned by the attackers. @Gemini immediately added these addresses to our blocklist to prevent our customers from inadvertently falling victim to this scam. pic.twitter.com/4CRqZiOPRX— Tyler Winklevoss (@tylerwinklevoss) July 16, 2020