It’s a more bizarre day on Twitter than usual. The Twitter accounts of several prominent companies and celebrities — including Obama, Biden, Uber, Apple, Musk, and others — were illicitly commandeered today, in an apparent effort to scam some of their millions of followers out of their hard-earned bitcoin. It’s by far the most widespread Twitter hack we’ve seen, even if the accounts were quickly restored to normal.
The messages varied in their exact wording, but generally followed a similar format: For example, Elon Musk‘s tweet read:
“Feeling greatful, doubling all payments sent to my BTC address!
You send $1,000, I send back $2,000!
Only doing this for the next 30 minutes.
bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh”
All tweets featured the same Bitcoin address. Meanwhile, several accounts for major cryptocurrency companies featured fake tweets announcing a partnership with an organization called ‘Crypto for Health.’ Naturally, this link pointed to the same scam.
ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED.
2FA / strong password was used for @Gemini account. We are investigating and hope to have more information shortly. https://t.co/X3C0uJzc6C
— Cameron Winklevoss (@winklevoss) July 15, 2020
Seriously, the list reads like a who’ s who of famous people, companies, and cryptocurrency-related services. So far we’ve been able to identify at least these accounts as having posted fraudulent tweets:
- Barack Obama
- Elon Musk
- Apple
- Joe Biden
- Bill Gates
- Wiz Khalifa
- Warren Buffet
- Uber
- Jeff Bezos
- MrBeast
- Floyd Mayweather
- ‘God’ (@TheTweetOfGod)
- Mike Bloomberg
- XXXTentacion
- Kim Kardashian
- CoinDesk
- Gemini
- Gate.io
- Cash App
- Binance
- CZ_Binance
- Tron
- Justin Sun
- Ripple
- Charlie Lee
- Coinbase
- Coindesk
Despite their rapid removal, several tweets were captured in the Wayback Archive and Google search results:
Presumably, most or all of these accounts are using two-factor authentication, which makes this hack particularly troubling. As noted by several security researchers on Twitter (via TechCrunch), hackers seemed to fully hijack the accounts, even changing the emails associated with at least some accounts to make them harder to recover.
Yep! Crazy – looks like a full takeover/hijack pic.twitter.com/toug6PYnYr
— harrydenley.eth ◊ (@sniko_) July 15, 2020
Though we can’t tell for sure given the blocked out characters, the hackers appear to have changed the recovery addresses to emails from encrypted email service ProtonMail. That could certainly complicate investigation efforts, considering the service prides itself on the fact that even it “cannot decrypt and read your emails.”
While it’s hard to imagine such blatantly scammy messages would lead to much profit for the scammers, the wallet address does, in fact, show transactions are happening. As pointed out by Twitter user @RMac18, the wallet is active, although it’s not clear how many of the transactions are from people who have been duped versus from the scammers themselves, in an attempt to make the address appear legit:
It’s an actual wallet address and there are transactions happening. It’s unclear if these transactions are legit. Scammers often seed their own scams to give them the appearance of authenticity. https://t.co/GUHEDaKNxu pic.twitter.com/xfhl3817xr
— Ryan Mac 🙃 (@RMac18) July 15, 2020
Twitter, for its part, says it is investigating:
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
And while it’s probably a good idea to change your Twitter login info if you’re a public figure, Twitter warns that you might not be able to access all app functions while it figures out what happened:
We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.
— Twitter Support (@TwitterSupport) July 15, 2020
Developing: Refresh for updates…
Read next: Only 8 seasons of classic Law & Order are currently on Peacock
Pssst, hey you!
Do you want to get the sassiest daily tech newsletter every day, in your inbox, for FREE? Of course you do: sign up for Big Spam here.