A surprisingly large number of high-profile Twitter accounts ranging from Barack Obama to Elon Musk and Kanye West were hacked Wednesday in an apparent Bitcoin scam that fooled online users into handing over at least $130,000.
The official Twitter accounts of Apple, Uber, and Square’s Cash App were hacked in the cryptocurrency scam, as were accounts belonging to billionaires Bill Gates, Jeff Bezos, Warren Buffett, Mike Bloomberg and Elon Musk.
Rapper Kanye West, former U.S. President Barack Obama, and Democratic presidential candidate Joe Biden also fell prey to the hackers.
Each of the Twitter accounts has millions of followers.
In various tweets, the accounts posted messages requesting that followers send USD $1,000 in Bitcoin to specific web addresses, after which they would get double the contribution in return.
“Everyone is asking me to give back, and now is the time,” a tweet from Microsoft CEO and philanthropist Bill Gates’s account said. “You send $1,000, I send you back $2,000.”
In the short time that the malicious tweets were online, the address displayed in the tweets garnered about $113,000 in contributions, according to Bitcoin transaction receipts – equaling over 11 bitcoins. About 320 transactions were listed on the account.
However, the transactions may have been carried out by the scammers themselves to grant their account more legitimacy in the eyes of visitors.
Many of the scam tweets were deleted within minutes of being posted, but were reposted moments later.
When Binance CEO Changpeng Zhao attempted to warn followers that the tweets were a scam, his account was revealed to also have been compromised when hackers quickly deleted his warning, reports The Block.
A campaign aide for Biden said that the candidate’s account was “locked down” immediately. “We remain in touch with Twitter on the matter,” the aide told CNN.
A spokesperson for Bill Gates also described the incident as “part of a larger issue that Twitter is facing.”
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
In a tweet, Twitter’s support account said: “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”
The messages appeared after major cryptocurrency companies also shared malicious links. Affected entities include KuCoin, Binance, and Gemini, according to the MalwareTech blog. The website that users were directed to, titled CryptoForHealth, was pulled offline shortly after the malicious tweets were posted.
MalwareTech also speculated that the accounts were likely made vulnerable through third-party apps rather than directly through the Twitter platform.
A bunch of high profile cryptocurrency Twitter accounts have been hijacked to tweet bitcoin scams. Likely a 3rd party App compromise rather than Twitter itself. Wallet has received ~$6000. pic.twitter.com/D8MiXrz9ml
— MalwareTech (@MalwareTechBlog) July 15, 2020
Due to the large number of high-profile accounts impacted in Wednesday’s attack, the event may be the largest security incident in Twitter’s history.