TL;DR: As of publication, verified and famous Twitter accounts have been used to trick followers into sending $118,229.82 worth of bitcoin, 12.86188859 BTC, according to Blockchain.com’s Block Explorer. It seems very few were spared, including at least one former US President (Obama), a current presumtive Democratic nominee for President (Biden), along with dozens of big companies, crypto exchanges, and influencers.
Twitter Blue Checks Hacked for $118,229.82 Bitcoin (So Far)
At about 3:30pm PST, Twitter Support assured, “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.” That was roughly two hours after verified crypto-related accounts, from exchanges like Binance and Coinbase, and others were hit with an appeal for matching donations. Within minutes of the suspicious tweets, CoinSpice put out a hack warning.
Hackers used Bech32 (P2WPKH), native SegWit address to collect the BTC. Michele Spagnuolo, Senior Information Security Engineer at Google, noted, “Seriously, using a bech32 address made sending BTC more complicated for very unsophisticated victims, as older wallets do not accept them. It’s an irrational choice.” At least one transaction was for $40,000, with some analysts assuming other addresses used were probably consolidated.
Cyber security pundit Under the Breach mused, “There is almost certainly a 0day for twitter, probably some kind of auth bypass,” further suggesting, “Solid rumor is that an employee panel got hacked.” Privacy hawks over at Samourai Wallet sneered, “Never let a good crisis go to waste. 20% OFF all Whirlpool CoinJoin fees until end of day Saturday. Use the discount code CRYPTO4HEALTH and get mixing. We figured that people should get something legitimate out of this fiasco.”
“Okay since I control @6’s account,” veteran hacker Lucky225 explained, “which got hit in this massive Twitter account BTC scam I can give some insight, they’re either intercepting SMS on password reset or they’re bypassing it somehow. Got this Google Voice SMS code when the account was hacked which had OTP 2FA.” In the end, Bill Gates, Elon Musk, Uber, Jeff Bezos, Apple, Kanye West, Mike Bloomberg, Gemini, Kucoin, TRON, and many other accounts fell victim to a scheme still potentially unfolding. Perhaps the most lucid takeaway came from developer Jameson Lopp. “You know what the real news is from this incident?” he tweeted, “Someone appears to have root level access to Twitter. They OWN this platform. They are in GOD MODE. They can do ANYTHING they want on it. And their top choice is to trick you into parting with your precious bitcoin.”
Featured image: @BigBrosNephew
CONTINUE THE SPICE and check out our piping hot VIDEOS. Our podcast, The CoinSpice Podcast, has amazing guests. Follow CoinSpice on Twitter. Join our Telegram feed to make sure you never miss a post. Drop some BCH at the merch shop — we’ve got some spicy shirts for men and women. Don’t forget to help spread the word about CoinSpice on social media.
DYOR: CoinSpice is your home for just spicy crypto things. We’re not affiliated with any cryptocurrency project or token. Each published piece is intended for information purposes only, not investment advice and not in the hope of impacting speculative markets. There are plenty of trading sites and coin-specific advocacy journals out there, we’re neither. CoinSpice strives for rigorous accuracy in our reporting. Information presented here is contingent usually on a host of factors, and the ecosystem moves fast — prices change, projects change, and at warp speed. Do your own research.
DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.