Late Wednesday afternoon, Twitter suffered one of its most noteworthy cybersecurity incidents to date. The platform was the target of what appeared to be a massive Bitcoin scamming operation. Hackers (or a hacker) compromised the accounts of countless high-profile users on the site, including the likes of Elon Musk, Bill Gates, former President Barack Obama, Apple, Jeff Bezos, Joe Biden, Kanye West, Mike Bloomberg, Warren Buffett, and many others.
As of this writing, Twitter is working to resolve the issue. However, the question remains—how widespread is this attack, and what does it mean for the platform?
When one high-profile account gets hacked, it is typically enough to cause a stir. Wednesday’s incident is unlike anything Twitter has ever seen. Indeed, it appears to be one of the larger rashes of concurrent high-profile account hijackings in social media history.
While things certainly went on behind the scenes, the first outward sign that something was wrong occurred at 4:17 p.m. ET when Elon Musk’s account sent out a mysterious tweet. It read, “Feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!”
The tweet also included a Bitcoin address that is supposedly associated with the hacker’s wallet.
The bad actor later clarified the fake promotion, noting that users could send $1,000 to get $2,000 in return. Minutes later, a similar tweet was posted to Bill Gates’ account. The hours that followed saw countless other accounts posting nearly identical messages.
In addition to the noteworthy figures named above, several companies’ corporate accounts were affected.
Even Crypto Twitter wasn’t spared from the scam. Cameron and Tyler Winklevoss both tweeted out warnings that their Gemini account, as well as those of Coinbase, Binance, and CoinDesk, were all hit during the attack.
ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED.
— Cameron Winklevoss (@winklevoss) July 15, 2020
What makes the situation even more concerning are the contents of Cameron’s tweet. He noted that the Gemini account was secured with two-factor authentication and used a strong password. This means that an ordinary credential-based attack is unlikely to be the cause. Instead, something more sinister seems to be afoot.
So, What Happened?
Right now, it is still too early to know for sure who is behind the rash of Twitter hacks and how they managed to pull it off. The sheer speed and scale at which the operation unfolded are striking.
Vice’s Joseph Cox, a top security reporter, wrote, “Two sources close to or inside the underground hacking community provided Motherboard with screenshots of an internal panel they claim is used by Twitter workers to interact with user accounts.”
He adds, “Twitter has been deleting screenshots of the panel and has suspended users who have tweeted the screenshots, claiming that the tweets violate its rules.”
Cox’s report almost certainly rules out a general cyberattack. Moreover, the fact that accounts using two-factor authentication were affected likely means that the root cause of the attack is a serious one. It could even point to a vulnerability in Twitter’s overall platform.
One credible possibility is that hackers gained access to internal Twitter tools. If that’s the case, the damage they could cause goes far beyond running a Bitcoin scam. Another theory is that a Twitter employee was involved in the incident. If so, it wouldn’t be the first time.
Regardless, it appears that the hackers enjoyed a nice payday.
At the time of this writing, the scammer(s) have collected more than $120,000 in Bitcoin, according to the public transaction records for the associated wallet address.
It’s almost comical that people still fall for these scams, but today’s events show that there are plenty of gullible users out there. When scams like this work, the success encourages other hackers to replicate them or try similar approaches.
The rash of account hacks is certainly mind-boggling. However, something even more baffling is Twitter’s inability to get the situation under control. After more than an hour of silence, during which high-profile accounts tweeted out the crypto scam, Twitter finally acknowledged the situation.
Its support account said at 5:45 p.m. ET, “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.” That didn’t clarify much of anything.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
In response to the attack, Twitter took an unprecedented step—it disabled the tweet functionality for almost every verified, “blue checkmark” account. While this was done to prevent more hacked accounts from tweeting the scam, it is eye-opening. The move suggests that Twitter had no control over the attack on its platform. Its “fix” also caused a lot of trouble.
For better or worse, Twitter has evolved into a vital communication hub for organizations like the National Weather Service, government agencies, and reliable news outlets. While several hours of respite from the ramblings of celebrities and politicians was glorious, radio silence from accounts tied to emergency services is unacceptable.
Fortunately, it appears that things are slowly getting back to normal. At 8:41 p.m. ET, Twitter said that “most” verified accounts were able to tweet again. However, the company said that the functionality might be sporadic as it continues to work on a fix.
Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We're working to get things back to normal as quickly as possible.
— Twitter Support (@TwitterSupport) July 16, 2020
While Wednesday’s attack was more of a scam operation than a sinister hijacking, it still raises some red flags. The primary concern, of course, is whether or not there is a massive vulnerability lurking somewhere in the Twitter platform.
The recent hacks and Twitter’s lack of a solution have undoubtedly turned every eye in the underground hacking world to the platform. Over the next few days, Twitter will likely undergo an onslaught of breach attempts from hackers looking to find and exploit any crack in its security.
Though this issue is about user privacy and data security, it is also about something more important. It demonstrates that Twitter, when in the wrong hands, can easily be used to cause chaos. All it takes is a similar rash of hacks by someone with more serious intentions to do significant real-world damage.
Hopefully, Twitter will be able to get its act together and move forward with a stronger, safer front in the days ahead.