{"id":4332,"date":"2020-07-17T10:56:51","date_gmt":"2020-07-17T10:56:51","guid":{"rendered":"https:\/\/signdesk.com\/in\/?p=4332"},"modified":"2025-09-17T07:05:33","modified_gmt":"2025-09-17T12:35:33","slug":"hackers-take-over-high-profile-twitter-accounts-in-bitcoin-scam","status":"publish","type":"post","link":"https:\/\/melento.ai\/en-in\/blog\/hackers-take-over-high-profile-twitter-accounts-in-bitcoin-scam","title":{"rendered":"Hackers take over high profile Twitter accounts in Bitcoin scam"},"content":{"rendered":"

What happened?<\/b><\/span><\/h2>\n

On Wednesday, July 15, 2020, several high-profile Twitter accounts<\/a> were hacked and used for a \u201csmash-and-grab\u201d type scam. The scam involved these compromised accounts sending out tweets<\/a> requesting BTC donations to a wallet (presumably the hackers\u2019), which would be doubled and returned to the donors.\u00a0\u00a0<\/span><\/p>\n

The tweets<\/a> generally followed this template – \u201cI am giving back to the community! All Bitcoin<\/a> sent to the address below will be sent back, doubled. Only doing this for 30 minutes.\u201d<\/span><\/p>\n

\"Tweets-attack\"<\/p>\n

This is called a \u201csmash-and-grab<\/strong>\u201d because hackers have only a short time window to extract money from the scam before their operations are shut down.\u00a0<\/span><\/p>\n

The accounts hacked belonged to celebrities and public figures including – Joe Biden, Elon Musk, Barack Obama, Kanye West, Jeff Bezos, Bill Gates, etc. Several business accounts including those of Cash App, Uber, Apple, bitcoin<\/a>, and coinbase. Other businesses accounts of cryptocurrencies were also compromised.\u00a0<\/span><\/p>\n

These tweets<\/a> have since been taken down and control of the accounts in question have been returned to their owners.\u00a0<\/span><\/p>\n

The hackers have made out with an estimated $120,000, but this could turn out to be a conservative estimate as there are over 70,000 unverified transactions on the BTC wallet that was provided.<\/span><\/p>\n

How did this happen?<\/strong><\/span><\/h2>\n

Reports differ, but the consensus is that a group of hackers received access to an internal administrative tool used by Twitter employees, either by paying off employees, or other means.\u00a0<\/span><\/p>\n

This tool was apparently used to change account-level settings of the accounts, including confirmation mails, which were used to force password resets and gain control of even those accounts with multi-factor authentication.\u00a0<\/span><\/p>\n

The tool apparently consists of a panel that was used to change ownership of the high profile accounts that were hacked. Here\u2019s a screenshot taken by a Twitter<\/a> user of the panel.<\/span><\/p>\n

 <\/p>\n

\"socially-engineered\"<\/p>\n

The story is still developing and twitter has been mostly silent about this, but it has tacitly acknowledged that this was a \u201csocially engineered<\/strong>\u201d attack suggesting that employees might be involved.<\/span><\/p>\n

It\u2019s also come to light that the Twitter dev team was supposed to implement a new API on the day of the hack, this might be an alternative to the theory of social engineering, and the hack could be a case of someone exploiting bugs in the old API before the new one was implemented.<\/span><\/p>\n

Who was responsible?<\/strong><\/span><\/h2>\n

There is again no clear consensus.\u00a0<\/span><\/p>\n

Some of the tweets<\/a> directed users to a website – cryptoforhealth.com, which also has an Instagram account on which the creators of the account took credit for the hack and stated that the money is for \u201ccharity\u201d.\u00a0<\/span><\/p>\n

\"Instagram\"<\/p>\n

Other reports indict members of a hacking forum \u201cOGUsers\u201d who state that they had already been using the internal admin twitter tool for this scam and the scam on July 15\u00a0 was simply an escalation. <\/span><\/p>\n

Why was this done?<\/strong><\/span><\/h2>\n

Theories abound that this was more than a scam and was politically motivated or motivated by business interests due to the nature of the accounts that were hacked.<\/span><\/p>\n

It\u2019s been speculated that this attack\u2019s purpose is blackmail as the hackers could access the DMs of the hacked accounts. It could also be a demonstration to a client given the relatively small amount of money extracted.<\/span><\/p>\n

How is Twitter reacting?<\/strong><\/span><\/h2>\n

Jack Dorsey has stated that twitter is looking seriously into these attacks and that the usage of the internal tool in question has now been limited. <\/span><\/p>\n

\"Tweet-again\"<\/p>\n

Most accounts should be able to Tweet<\/a> again. As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible.<\/span><\/p>\n

\u2014 Twitter Support (@TwitterSupport) <\/span>July 16, 2020<\/a><\/strong><\/span><\/p>\n

Experts say that given the access that the hackers had, this could have been much worse.<\/span><\/p>\n

What does this mean for you?\u00a0<\/strong><\/span><\/h2>\n

All of us use social media regularly for a host of activities. This high-profile attack should serve as an indication to both individuals and businesses, that we must take our cyber security<\/a> more seriously.\u00a0<\/span><\/p>\n

Here are some precautions for both individuals and businesses, to safeguard themselves from spam-based attacks online.<\/span><\/p>\n

How can individuals & businesses protect themselves against spam-based attacks?<\/strong><\/span><\/h2>\n

Spam-based attacks rely on hackers getting a hold of email IDs, so here are precautions individuals can take to protect themselves from this attack.<\/span><\/p>\n