Earlier this morning, a large-scale Twitter attack took over some of the most powerful verified Twitter accounts including Joe Biden, Elon Musk, Bill Gates, Kanye West, Kim Kardashian, Wiz Khalifa, Warren Buffett, Mike Bloomberg, Barack Obama, and Jeff Bezos.

The attacker has posted about fake giveaways from the compromised accounts, asking for Bitcoin (BTC) payments and promising to send back double the amount received.

Official Responses

Many of the accounts were quick to respond to the hack with the Tweets being deleted and Twitter temporarily locking down all verified accounts until the situation has been resolved.

Twitter Support said: 

“We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. [...] We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this.”

Twitter CEO Jack Dorsey posted that the team is continuing to investigate what happened and he said: “We all feel terrible this happened.”

Multiple companies with compromised accounts have responded. Binance announced that they are taking action to protect their assets by blacklisting the scammer’s addresses and have retaken control of their Twitter account. The exchange also stated that no Binance users has sent Bitcoin to the address.

How they did it

One mystery behind the hack is how the attackers obtained access to so many high profile accounts. One theory suggests the work of an ex/current Twitter employee:

“Prob inside job... knew inter workings of Twitter... too obvious... disgruntled employee maybe?”

A post by Vice supports this theory with screenshots of Twitter’s internal admin panel uncovered by the underground hacking community. Some users have even named a particular ex-Twitter developer as the man behind the attack —  although this is totally unverified and zero proof was provided.

BadCrypto podcast host Travis Wright shared a screenshot that a group called BoboChan was claiming responsibility:

Andreas Antonopoulos suggested an alternative theory, saying Twitter might not be where the attacker got in, “It seems like some Twitter API posting service has been compromised and being used to send out fake ‘giveaway’ tweets. [...] I don’t think this is a compromise of Twitter.” He went on to say that these services often have weaker security and limited 2FA options.

Is there more to it than meets the eye?

Many of the tweets also refer to ‘CryptoForHealth’ with a link to the site which has since been taken offline.

CZ Binance

Hacken Group CEO Dyma Budorin warned users this site might also involve malware.

“If you have clicked [on] that link then most probably you already have malware [on] your device. Immediately terminate active sessions from twitter and all exchanges accounts. And don’t use this device before the world understands what happened #cryptoforhealth

“Super low IQ”

The attackers appear to have missed a trick as anyone with access to so many influential accounts could have easily chosen to manipulate the markets through FUD rather than run giveaway scams. Crypto trader Sicarious described the hackers as “super low IQ” and explained a better approach would be to short Bitcoin then blast news about “SEC raids, exchange hacks, funds not being ‘safu’”.

Another well known crypto trader DonAlt responded suggesting the same approach could have pumped Bitcoin’s price with the accounts tweeting news of “a coin being adopted as a reserve currency for the US to thwart China and bought beforehand.”

A prelude to a Bitcoin hack

Bitcoin skeptic and gold enthusiast Peter Schiff commented on the attack wondering “if this is a harbinger of Bitcoin itself being hacked”, finishing the tweet by saying, “Better to play it safe and just buy #gold.”

But as Anthony Pompliano tweeted: “Twitter was hacked. Bitcoin has never been hacked.”

Blockstream CEO Adam Back posted a funny tweet about Peter getting hacked and asking for gold instead of Bitcoin: 

“Twitter isn’t really yours”

Bitcoin developer Jimmy Song took the opportunity to educate people that nothing centralized is really owned by the individual likening this situation back to fiat currency economies:

“You know how someone is messing with Twitter with root level access right now? The same thing happens to the dollar every day. Your dollars aren't really yours in the same way your Twitter isn't really yours.”