Crypto scammers responsible for what could be the largest ever hack on Twitter were able to succeed because individual employees have high levels of access to information and control on the platform.

In a series of tweets from Twitter Support on July 15, the help center of the social media platform confirmed that hackers responsible for the massive breach of high-profile figures’ accounts had conducted a “coordinated social engineering attack” to gain “access to internal systems and tools.”

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” Twitter Support said. “We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

The account reported the platform had taken “significant steps to limit access to internal systems and tools” as the breach is investigated.

Access to promote fake Bitcoin giveaways

The hackers were able to post tweets using the accounts of major figures including Barack Obama and Joe Biden to promote a fake Bitcoin (BTC) giveaway which has so far swindled over 300 users out of $118,000. 

The individual employee admin panels targeted in the hack have significant access to a variety of tools to control the affected accounts, including posting messages on their behalf and changing the verification phone number and email address.

Twitter user sniko_ posted screenshots which indicate the fraudsters may have changed the email address for verification for the Coinbase and Gemini accounts, as they were the same following the attack.

Coinbase and Gemini password reset screenshots

Coinbase and Gemini password reset screenshots

Vice’s Motherboard reported that Twitter was taking down screenshots of user posted shots of admin panels on the grounds that they violated the rules. Images showing access to several Twitter accounts revealed internal admin details including the number of strikes logged against each account, when the account was last accessed, which phone numbers were tied to it, and which email addresses were used for verification. 

Screenshot of Twitter internal employee panel access to Binance account

Screenshot of Twitter internal employee panel access to Binance account. Source: Motherboard

Reactions from Crypto Twitter

“Sounds bad that a Twitter developer can just login to my account and tweet anything, read my private stuff and all,” said Twitter user 1uc45MH. “If one of them freaks out they can tweet anything on anyone’s account.”

The stock market reacted similarly, despite it being after-hours trading shortly after the hack was discovered. Twitter’s stock TWTR fell from $35.60 to $34.70, a drop of 2.5% in just 15 minutes. At the time of writing, the platform’s stock is priced at $34.52.