Several high-profile Twitter accounts were hacked simultaneously on Wednesday — some with millions of followers — for a cryptocurrency scam. The identity of the attackers is unknown.
Among the hacked accounts are Bill Gates, Elon Musk, Jeff Bezos, Joe Biden, and many others.
UPDATE July 16, 11:21 AM EDT: Accounts hacked by Bitcoin scammers announced
It became apparent early on that the situation was not the case of a single account being compromised, but involved multiple attacks.
The complete list of accounts hacked by Bitcoin scammers has now been announced. According to The Spectator Index's tweet, high profile accounts belonging to Barack Obama, Bill Gates, Elon Musk, Joe Biden, Warren Buffett, Kanye West, Michael Bloomberg, Apple, Uber, Jeff Bezos, and Benjamin Netanyahu were affected by the scam.
UPDATE July 16, 11:14 AM EDT: Twitter addresses the issue
Twitter first acknowledged the situation at 2:45 p.m. PT Wednesday afternoon, calling it a “security incident.”
Afterward, it tweeted that the problem was detected. "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
"We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it."
However, as Twitter worked on the issue, Twitter users reported seeing errors on the platform. Addressing the errors on Wednesday evening, Twitter stated that most tweeting should be back to normal but functionality “may come and go” since the company was actively dealing with the issue and working on a fix.
The last tweet by Twitter reads, "Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues."
UPDATE July 15, 6:39 PM EDT: $110,000 earned from scam so far
Some people with money have fallen for the scam, sending large sums to the associated BTC addresses — since all blockchain-based cryptocurrency transactions are public. As of writing, the scammer (or scammers) has earned almost $110,000 — however it looks like the account owner is sending money out as the daily final balance keeps fluctuating up and down.
It's an actual wallet address and there are transactions happening. It's unclear if these transactions are legit. Scammers often seed their own scams to give them the appearance of authenticity. https://t.co/GUHEDaKNxupic.twitter.com/xfhl3817xr— Ryan Mac 🙃 (@RMac18) July 15, 2020
Of course, this isn't the first time Musk became a target of Twitter-based bitcoin scammers. They typically create fake accounts made to emulate the entrepreneur's voice and reply to his tweets promoting the scams — to create the illusion of legitimacy.
This is why Twitter has locked some accounts that change their name to "Elon Musk," and the social media company identified cryptocurrency scammers in spring 2018 as bad actors intent on manipulation as it worked to eliminate similar scams through bans and additional moderation strategies.
UPDATE July 15, 6:29 PM EDT: Square's Cash App also hacked, possibly coordinated attack
Square's Cash App is reportedly another of the company accounts compromised by a major hack. But it isn't clear if Square's attacker is the same from Musk's and others' — or if this is a larger coordinated scam on behalf of a group, since Square's hacked tweet contained a different BTC address than the ones found on other hacked accounts.
Additionally, popular crypto Twitter accounts like those of Tyler and Cameron Winklevoss' Gemini cryptocurrency exchange and widely-used wallet app Coinbase were also attacked, The Verge reports.
Cameron Winklevoss has claimed that the Gemini account was safeguarded by a two-factor authentication and featured a strong password. The company is at present investigating how it was hit by the scam.
UPDATE July 15, 6:04 PM EDT: Cryptocurrency hack ongoing, includes Bloomberg, Bezos, Kanye, and more
The list of hacked accounts is staggering and continues to grow as of writing. Apple, Uber, former U.S. President Barack Obama, Amazon CEO Jeff Bezos, hip-hop icon Kanye West, and former New York City mayor and billionaire Mike Bloomberg have all been affected by this unprecedented hack, reports the Verge.
It's not clear how far this hacking operation reaches, but it is affecting many major companies and top-tier individuals with Twitter accounts. This alone strongly implies that someone — or a dedicated group — has either gained access to a Twitter employee's administrative privileges, or found a serious security loophole in Twitter's login process.
UPDATE July 15, 6:15 PM EDT: Elon Musk's Twitter reportedly hack origin
The massive multi-industry scam reportedly began on Musk's account, when at 4:16 PM EDT it tweeted: "I'm feeling generous because of Covid-19. I'll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!" The scam tweet also listed a bitcoin address — ostensibly associated with the hacker's crypto wallet.
The tweet was promptly deleted and replaced by a second one that didn't work very hard to hide the grift: "Feeling grateful doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes," read the tweet before it too was deleted.
Another tweet posted on Gates' account was the same as the last Musk tweet, with the same BTC address attached. This one was also promptly deleted, followed by another scam tweet — posted minutes later.
High-Profile Twitter accounts including Elon Musk hacked
Many other accounts were hacked, including @bitcoin, @coindesk, @ripple, @coinbase, and @binance — all of which then displayed the same message: "We have partnered with CryptoForHealth and are giving back 5000 BTC to the community," along with a link to a website that we will not share here.