Twitter hackers used BitPay and Coinbase to steal BTC

  • The Twitter hack compromised the security of thousands of accounts on the social network to promote a Bitcoin (BTC) theft scam.
  • The hackers have sent stolen Bitcoin to Coinbase and BitPay.

Twitter has experienced probably one of the worst hacks of a social network. Yesterday, July 15, the accounts of thousands of entertainment personalities, entrepreneurs, businesses and others were hacked to promote a Bitcoin (BTC) theft scam. Among those affected are Tesla CEO Elon Musk, Bill Gates, former U.S. President Barack Obama, Kim and Kanye West, and many others.

Some hacked accounts, such as that of the crypto exchange Gemini, had secondary security measures in place. The exchange's co-founder and CEO, Tyler Winklevoss, said the Gemini account had two-factor verification (2FA) enabled. However, this did not stop the attack, which has led to the belief that the hackers had access to internal Twitter tools. James Loop, co-founder of the custodian Casa, claimed that the attackers had root-level access to the social network.

Once the accounts were hacked, the attackers posted a message of supposed solidarity in light of the coronavirus pandemic (Covid-19). The message offered a Bitcoin promotion to help “the community” of users, as shown in the image below, and included a wallet address to which users had to send Bitcoin.

Source: https://twitter.com/twetchapp/status/1283516195321393152/photo/1

Twitter gives some answers

Data analysis company Whitestream investigated and detected transactions linked to addresses associated with the exchanges BitPay and Coinbase. The address in question, researchers say, was one of the first used by the hackers to receive stolen BTC. Whitestream stated the following, tagging Coinbase and BitPay:

Please check the following Bitcoin address that Bitcoin received from the attacker’s scam announcement address: 1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF

Although the attackers used different addresses, the one referred to in the Whitestream tweet received most of the funds. The hackers used the old-format address mentioned above, “1Ai52”. From this, the researchers were able to determine that the address belongs to wallets affiliated with the exchanges BitPay and Coinbase. The attackers used a different address, in the Bech32 format, to attack other Twitter accounts not related to cryptocurrencies. At the time of publication, the hackers have obtained about $140,000 or 15 BTC. In addition, researchers traced 3 transactions from this address, prior to the attack, to Coinbase and BitPay and also to the exchange CoinPayments.

Researchers have speculated about the addresses used by the hackers. However, they have not determined a specific reason why the attackers made the transactions to the exchanges, nor the reason behind the choice of Bitcoin addresses in an old format. In general, it appears that the attackers experimented with the addresses and transactions before they made the hit. This is inferred from the attackers' lack of anonymity tools and from the more efficient options, raised by members of the crypto community, that would have given the attackers more profit.

Twitter has received numerous attacks in the last 24 hours. In particular, members of the crypto community have pointed out the futility of relying on centralized systems to provide security to their users. Twitter’s response has been relatively slow, probably because of the scale of the attack. Twitter CEO and Bitcoin enthusiast Jack Dorsey shared the results of the initial investigation.

According to Twitter, the hack was a “coordinated social engineering attack”. In addition, Twitter revealed that its employees were the first to be affected by the hackers and were then used to gain access to the accounts. Twitter will continue to investigate to determine whether the attackers committed other malicious acts. In the meantime, it has limited the functionality of some accounts while the investigation continues. Twitter has promised further updates in the near future.
