Coordinated Twitter hack hits Elon Musk, Obama, Bill Gates and more in Bitcoin scam

Ruth Lanigan

Ruth Lanigan

Coordinated Twitter hack hits Elon Musk, Obama, Bill Gates and more in Bitcoin scam

Yesterday, July 15thsaw a number of high-profile Twitter accounts hacked and this may have been one of the biggest Twitter hack’s of all time.

What happened?

The scam targeted a number of well-known Twitter accounts, including that of Joe Biden, Barack Obama, Bill Gates, Elon Musk, Kanye West, Apple and many more. The hack occurred across these accounts simultaneously and saw these profiles promote a bitcoin scam to their tens of millions followers.

Current suspicions indicate that this was a social engineering attack.

The attack appears to have been directed at cryptocurrency-focused accounts – these include Bitcoin, CoinDesk, Coinbase, Gemini, Ripple, and Binance, all of which were hacked with the same message just before the tweets were posted:

“We have partnered with CryptoForHealth and are giving back 5000 BTC to the community,” followed by a link to a phishing website that has since been taken down.

It was following these initial tweets from the cryptocurrency accounts that the soliciting tweets around donating bitcoins were posted. The hack was made harder to identify as they used the same Bitcoin address as was on the CryptoForHealth website.

Account hijacks on Twitter have happened before, but this is the first time it has happened at such an unprecedented scale. This leads to speculations that the hackers took control of a/multiple Twitter employees administrative access accounts and take over the high-profile accounts and were able to tweet on their behalf. This would also mean that the hackers would not need to know any passwords or pass any two-factor authentication codes which made it easier for them.

As of last night, the hackers behind this operation have managed to collect almost $120,000 in bitcoins over the course of several hours – which means of course that unaware Twitter users have fallen victim to the false messaging and donated to the fraudulent cause.

What has Twitter done?

As of early morning, Twitter have “locked accounts that were compromised” and “limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.” Which suggests this social engineering attack may be larger than initially suspected.

Twitter has also revealed that it was its own employee tools that contributed to the unprecedented hack. “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools” Twitter does not elaborate on what tools the attackers accessed or how exactly the attack was carried out. We have not been made aware of who is behind these attacks as of yet but given the widespread scope of this campaign, the damage could have been far greater but the motive of the body behind this attack seems to have been a quick money making scam.

As the day develops, we will undoubtedly hear more from the social media giant stay alert.

Smarttech247 once again advises our clients and members of the public to never engage in online activity from an unverified source. It is very important to stay vigilant at all times. Our security teams are working to protect customers and we will share updates of this story as they are identified.   

Ruth Lanigan

Ruth Lanigan