The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creator quite a bit of money.
We don’t know how it’s happened or even to what extent Twitter’s own systems may have been compromised. The hack is ongoing, with new tweets posting to verified accounts on a regular basis starting shortly after 4PM ET.
It all began when Elon Musk’s Twitter account was seemingly compromised by a hacker intent on using it to run a bitcoin scam. Microsoft co-founder Bill Gates also had his account seemingly accessed by the same scammer, who posted a similar message with an identical bitcoin wallet address. Both accounts are continuing to post new tweets promoting the scam almost as fast as they are deleted.
A spokesperson for Gates tells Recode’s Teddy Schleifer,
“We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account.”
See below:
NEW — statement from a spokesperson for Bill Gates.
"We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account.” pic.twitter.com/v37Jvs76Jl
— Teddy Schleifer (@teddyschleifer) July 15, 2020
Shortly after the initial wave of tweets from Gates and Musk’s accounts, the accounts of Apple, Uber, former President Barack Obama, Amazon CEO Jeff Bezos, Democratic presidential candidate Joe Biden, hip-hop mogul Kanye West, and former New York City mayor and billionaire Mike Bloomberg, among others, were also compromised and began promoting the scam.
It’s unclear how widespread the operation is, but it appears to be affecting numerous major companies and extremely high-profile individuals. That suggests someone, or a group, has either found a severe security loophole in Twitter’s login process or third-party app, or that the perpetrator has somehow gained access to a Twitter employee’s admin privileges.
Here are tweets below:
The origin of the scam appears to be when Musk’s account issued a mysterious tweet at 4:17PM ET reading, “I‘m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” The tweet also contained a bitcoin address, presumably one associated with the hacker’s crypto wallet.
The tweet was then deleted and replaced by another one more plainly laying out the fake promotion. “Feeling grateful doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes,” it read before also getting deleted. The tweet posted to Gates’ account echoed the last Musk tweet, with an identical BTC address attached. It was also deleted shortly after posting, only for a similar message to take its place a few minutes later.
Square’s Cash App appears to be one of the other company accounts compromise. However, it’s not clear if the culprit is the same or if this is some form of a coordinated scam on behalf of a group as the tweet contained a different BTC address than the ones posted to the other accounts. In addition to the Cash App, popular crypto Twitter accounts, including those of Cameron and Tyler Winklevoss’ Gemini cryptocurrency exchange and widely used wallet app Coinbase, were also compromised. Cameron Winklevoss claims the Gemini account was protected by two-factor authentication and used a strong password, and the company is now investigating how it was hit.
Discussion about this post