Hack of the Decade: Shameless Bitcoin Scam or Something Much More Sinister?
Yesterday, anonymous attackers hacked the Twitter accounts of Binance CEO Changpeng Zhao, Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, Barack Obama, Uber, Apple, and many others. They used these accounts to post fraudulent messages promoting the distribution of 5,000 BTC on behalf of the rogue site Cryptoforhealth.
Despite hacking a score of the highest-profile celebrity and corporate accounts, the hackers were able to swindle the public out of only a bit over a dozen Bitcoins. Yet as the dust settles, the world is about to realize the far more dire implications of this Twitter hack.
This type of scam is certainly not new, but it has become increasingly popular in recent months. Crypto-related Telegram channels are bombarded with screenshots of fake Twitter messages promoting similar giveaway scams.
Scammers even managed to buy YouTube ads carrying these messages.
Until recently this scam remained comparatively small-scale. Then the hackers hit Twitter.
On July 15, an anonymous group actually hacked a large number of celebrity Twitter accounts and made fake Bitcoin giveaway posts. The exact tally of all affected accounts is not yet available. Among the victims were the world’s most famous entrepreneurs, Musk and Bezos; key Democratic party members Biden, Obama, and Bloomberg; and global companies like Apple, Uber, and Binance.
Most messages followed the same pattern and even the same wording, asking followers to send any amount of Bitcoins to a provided address to receive double the amount back. Obviously, no Bitcoins were ever sent back.
At the moment, the Twitter team, which responded to the hack with a noticeable delay, knows little.
According to Chainalysis, the attackers’ main address received about 12.86 BTC (over $120,000) over the course of 375 transactions. Two additional addresses received very modest donations, while nothing was sent to the XRP account.
[THREAD] Here's what we know so far about today’s #Twitterhack & #Bitcoinscam. As of now, the scam’s main BTC address (bc1…0wlh) received ~$120k in donations in 375 transactions. No funds have been cashed out at exchanges yet. pic.twitter.com/Jg9og3CFCz
— Chainalysis (@chainalysis) July 16, 2020
The unluckiest victim of the scam parted with $40,000 worth of Bitcoins. According to Chainalysis, his wallet has interacted with Japanese exchanges in the past. The rest of the transactions came mainly from exchanges.
Twitter was slow to react, and the fraudulent posts were allowed to remain unredacted for hours. The exchanges took it upon themselves to act as first responders and began blocking transfers to the addresses used by the criminals.
"Kudos to Coinbase- I tried sending a small amount to the account after seeing Elon Musk's tweet, and Coinbase prevented the transaction from occurring."
Looks like other exchanges are doing the same. Underrated layer of defense https://t.co/JAtWJAN9MF
— Hasu (@hasufl) July 15, 2020
Whitestream analysts discovered that the attackers’ addresses had previously interacted with the Coinbase cryptocurrency exchange and the BitPay and CoinPayments services.
As of now, the stolen funds are still in motion.
Twitter tech support is still investigating the hack. So far they have claimed that it was a coordinated attack that involved not only hacking but also social engineering.
Twitter employees with access to internal systems are said to have been victims of a coordinated social engineering attack. This allowed attackers to take control of many accounts, including verified ones.
The Block analyst Larry Cermak threw together a timeline of the attack, which allowed him to conclude that only one Twitter employee was likely the victim of the hack.
I also made a timeline. The interesting thing here is the large gap between the first attack and then the second. And then also that none of the hacks overlap, which suggests that the hacker was actually manually doing it through one employee panel (not multiple) pic.twitter.com/eeKp9x9US5
— Larry Cermak (@lawmaster) July 16, 2020
Twitter CEO Jack Dorsey has promised to release the full details as soon as Twitter figures out how the hack was possible.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
Vice reports that an anonymous whistleblower has told Motherboard in a candid interview that Twitter is still unsure whether its employee was a victim of a social engineering attack or helped the hackers of his own accord.
The implication that it could be an inside job feeds into Kim Dotcom’s old “backdoor mantra”.
Your computer has a backdoor
Your phone has a backdoor
Your bank has a backdoor
Your life has a backdoor
Thanks to the U.S. Government ?
— Kim Dotcom (@KimDotcom) February 6, 2018
In his opinion, the Twitter hack vindicated his conspiracy theory, as it reveals that “there are government backdoors with god mode that can be abused”, which, in his view, makes evidence from email, smartphones, and social media no longer reliable in court because it can be edited.
The Real Danger Behind the Hack
Some experts were quick to point out that the level of access the hackers had, albeit temporarily, basically allowed them to enter God mode, with all the implications that carries.
You know what the real news is from this incident?
Someone appears to have root level access to Twitter. They OWN this platform. They are in GOD MODE. They can do ANYTHING they want on it.
And their top choice is to trick you into parting with your precious bitcoin.
— Jameson Lopp (@lopp) July 15, 2020
It will be a while until we understand exactly what happened and what will be the implications. It could be compromised DMs used to extort large accounts. Or it could be something else. What's clear though is that if this could happen once, it could easily happen again.
— Larry Cermak (@lawmaster) July 16, 2020
Twitter is still trying to figure out the real amount of damage the hackers may yet cause, having attained access to private information and the message history of its users. The Bitcoin giveaway scam could be only a distraction, and the attackers’ true goal could very well be precious private data.