Breaking: Bitcoin scam takes over Twitter

Billionaires Elon Musk, Jeff Bezos and Bill Gates are among many prominent US figures targeted by hackers on Twitter in an apparent Bitcoin scam.

The official accounts of Barack Obama, Joe Biden and Kanye West also requested donations in the cryptocurrency.

“Everyone is asking me to give back,” a tweet from Mr Gates’ account said. “You send $1,000, I send you back $2,000.”

Twitter said it was a “co-ordinated” attack targeting its employees “with access to internal systems and tools”.

“We know they [the hackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” the company said in a series of tweets. It added that “significant steps” were taken to limit access to such internal systems and tools while the company’s investigation was ongoing.

Meanwhile, Twitter Chief Executive Jack Dorsey tweeted: “Tough day for us at Twitter. We all feel terrible this happened.”

Satnam Narang, Staff Research Engineer, Tenable comments:

Several notable Twitter accounts in the cryptocurrency space have seemingly been hacked in a mass coordinated attack, including exchanges like @Coinbase, @Binance, @Gemini, @KuCoin, @Bitfinex, CEOs and founders like @CZ_Binance, @JustinSunTron, @SatoshiLite, cryptocurrency accounts like @TronFoundation, to promote a COVID-19 cryptocurrency giveaway scam.

The accounts tweeted that they “partnered with” a company called CryptoForHealth. The domain for this website was registered on July 15. The website itself claims that, to help with the hard times endured by COVID-19, they’re partnering with several exchanges to provide a “5000 Bitcoin (BTC) giveaway” which is a ruse for advanced free fraud.

In separate but related attacks, the verified accounts of Bill Gates, Elon Musk and Uber were also compromised to promote a cryptocurrency giveaway. Their tweets used the same Bitcoin address we observed on the CryptoForHealth site, indicating that this is likely a coordinated attack.

The hackers ask users to send anywhere between 0.1 BTC to 20 BTC to a designated Bitcoin address and that they’ll double victims’ money. This is a common scam that has persisted for a few years now, where scammers will impersonate notable cryptocurrency figures or individuals. What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams. Because the tweets originated from these verified accounts, the chances of users placing their trust in the CryptoForHealth website or the purported Bitcoin address is even greater. This is a fast moving target and so far over $50,000 has been received by the Bitcoin address featured on the CryptoForHealth website and in Elon and Bill Gates’ tweets. We strongly advise users never to participate in so-called giveaways or opportunities that claim to double your cryptocurrency because they’re almost always guaranteed to be a scam.

Other comments

One cyber-security expert said that the breach could have been a lot worse in other circumstances.

“If you were to have this kind of incident take place in the middle of a crisis, where Twitter was being used to either communicate de-escalatory language or critical information to the public, and suddenly it’s putting out the wrong messages from several verified status accounts – that could be seriously destabilising,” Dr Alexi Drew from King’s College London told the BBC.

Emergency response

Twitter earlier had to take the extraordinary step of stopping many verified accounts marked with blue ticks from tweeting altogether. Password reset requests were also being denied and some other “account functions” disabled. By 20:30 EDT (00:30 GMT Thursday) users with verified account started to be able to send tweets again, but Twitter said it was still working on a fix.

Dmitri Alperovitch, who co-founded cyber-security company CrowdStrike, told Reuters news agency: “This appears to be the worst hack of a major social media platform yet.”

On the official account of Mr Musk, the Tesla and SpaceX chief appeared to offer to double any Bitcoin payment sent to the address of his digital wallet “for the next 30 minutes”.

“I’m feeling generous because of Covid-19,” the tweet added, along with a Bitcoin link address.

The tweets were deleted just minutes after they were first posted.

But as the first such tweet from Musk’s account was removed, another one appeared, then a third.

Others targeted included:

  • the rapper Kanye West
  • reality TV star Kim Kardashian West
  • former US President Obama
  • former US Vice-President Joe Biden, who is the current Democratic presidential candidate
  • media billionaire Mike Bloomberg
  • the ride-sharing app Uber
  • the iPhone-maker Apple

The Biden campaign said Twitter had “locked down the account within a few minutes of the breach and removed the related tweet”.

A spokesman for Bill Gates told AP news agency: “This appears to be part of a larger issue that Twitter is facing.”

Instagram message

The BBC can report from a security source that a web address – cryptoforhealth.com – to which some hacked tweets directed users was registered by a cyber-attacker using the email address mkeyworth5@gmail.com.

The name “Anthony Elias” was used to register the website, but may be a pseudonym – it appears to be a play on “an alias”. Cryptoforhealth is also a registered user name on Instagram, apparently set up contemporaneously to the hack. The description of the profile read “It was us”, alongside a slightly smiling face emoticon.

The Instagram profile also posted a message that said: “It was a charity attack. Your money will find its way to the right place.” In any case, the real identities of the perpetrators are as yet unknown. These “double your Bitcoin” scams have been a persistent pest on Twitter for years but this is unprecedented with the actual accounts of public figures hijacked and on a large scale. The fact that so many different users have been compromised at the same time implies that this is a problem with Twitter’s platform itself.

Early suggestions are that someone has managed to get hold of some sort of administration privileges and bypassed the passwords of pretty much any account they want. With so much power at their fingertips the attackers could have done a lot more damage with more sophisticated tweets that could have harmed an individual or organisation’s reputation.

But the motive seems to be clear – make as much money as quickly as they can. The hackers would have known that the tweets wouldn’t stay up for long so this was the equivalent of a “smash and grab” operation. There are conflicting accounts of how much money the hackers have made and even when a figure is settled upon, it’s important to remember that cyber-criminals are known to add their own funds into their Bitcoin wallets to make the scam seem more legitimate.

Either way, it’s going to be very hard to catch the criminals by following the money. Law enforcement, as well as many angry users, will have some strong questions for Twitter about how this could have happened.

Cameron Winklevoss, who was declared the world’s first Bitcoin billionaire in 2017 along with his twin brother Tyler, tweeted a message on Wednesday warning people not to participate in the “scam”. In the short time it was online, the link displayed in the tweets of targeted accounts received hundreds of contributions totaling more than $100,000 (£80,000), according to publicly available blockchain records.

 

See more news here.

Subscribe to our newsletter

Don't miss new updates on your email
Scroll to Top