One of the phrases involved in the scam was tweeted more than 3,000 times in the space of four hours, with tweets being sent from IP addresses linked to many different countries. The tweets were labelled as having been sent using the Twitter Web app. Some of the compromised accounts posted scam messages repeatedly, even after having some of the messages deleted. After it was added, the cryptocurrency was subsequently transferred through multiple accounts as a means to obscure their identity. Of the funds added, most had originated from wallets with Chinese ownership, but about 25% came from United States wallets. It is unclear if these had been funds added by those led on by the scam, as bitcoin scammers are known to add funds to wallets prior to starting schemes to make the scam seem legitimate. Multiple bitcoin wallets had been listed at these websites; the first one observed had received 12 bitcoins from over 320 transactions, valued at more than US$118,000, and had about US$61,000 removed from it, while a second had amounts in only the thousands of dollars as Twitter took steps to halt the postings. Security experts believe that the perpetrators ran the scam as a "smash and grab" operation: knowing that the intrusion into the accounts would be closed quickly, the perpetrators likely planned that only a small fraction of the millions that follow these accounts needed to fall for the scam in that short time to make quick money from it. While such "double your bitcoin" scams have been common on Twitter before, this is the first major instance of them being sent from breached high-profile accounts. The tweets followed the sharing of malicious links by a number of cryptocurrency companies; the website hosting the links was taken down shortly after the tweets were posted.
The tweets involved in the scam hack claimed that the sender, in charity, would repay any user double the value of any bitcoin they sent to given wallets, often as part of a COVID-19 relief effort. Twitter believed 130 accounts were affected, though only 45 were actually used to tweet the scam message; most of the accounts that were accessed in the scam had at least a million followers. Other apparently compromised accounts included those of well-known individuals such as Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, MrBeast, Michael Bloomberg, Warren Buffett, Floyd Mayweather Jr., Kim Kardashian, and Kanye West, and companies such as Apple, Uber, and Cash App. The scam then moved to more high-profile accounts, with the first such tweet sent from Elon Musk's Twitter account at 20:17 UTC. Forensic analysis of the scam showed that the initial scam messages were first posted by accounts with short, one- or two-character distinctive names, such as This was followed by cryptocurrency Twitter accounts at around 20:00 UTC on July 15, 2020, including those of Coinbase, CoinDesk and Binance. The Department of Justice announced charges against three individuals in connection with the incident. Dmitri Alperovitch, the co-founder of cybersecurity company CrowdStrike, described the incident as "the worst hack of a major social media platform yet." Security researchers expressed concerns that the social engineering used to execute the hack could affect the use of social media in important online discussions, including the lead-up to the 2020 United States presidential election.
In addition, full message history data from eight non-verified accounts was also acquired. Within minutes of the initial tweets, more than 320 transactions had already taken place on one of the wallet addresses, and bitcoin to a value of more than US$110,000 had been deposited in one account before the scam messages were removed by Twitter. The scam tweets asked individuals to send bitcoin currency to a specific cryptocurrency wallet, with the promise of the Twitter user that money sent would be doubled and returned as a charitable gesture. Three individuals were arrested by authorities on July 31, 2020, and charged with wire fraud, money laundering, identity theft, and unauthorized computer access related to the scam. They appeared to have used social engineering to gain access to the tools via Twitter employees. Twitter and other media sources confirmed that the perpetrators had gained access to Twitter's administrative tools so that they could alter the accounts themselves and post the tweets directly. On July 15, 2020, between 20:00 and 22:00 UTC, reportedly 130 high-profile Twitter accounts were compromised by outside parties to promote a bitcoin scam. The bitcoin addresses involved received about US$110,000 in bitcoin transactions. A representative scam tweet, from Apple's hacked account. At least 130 accounts affected.