In what was perhaps the largest cyber-attack as well as a crypto scam of 2020, popular social networking platform Twitter was compromised and attackers took over several verified celebrity accounts, including the likes of former American president Barack Obama and Tesla CEO Elon Musk.
The coordinated attack was deployed at a large scale on July 15, but the attackers seemed to be promoting a scam from the hacked accounts rather than sabotaging their victims.
The crypto space was no exception and Twitter accounts for Binance, Gemini, Coinbase, Bitfinex, Justin Sun, Charlie Lee, and many others were compromised.
The hackers sent out the same message from every compromised account related to the crypto space. The tweets read:
“We have partnered with CryptoForHealth and are giving back 5,000 BTC to the community. See more here: cryptohealth.com.”
The scam wasn’t limited to just businesses, and popular crypto media outlet Coindesk’s twitter account was compromised as well, with the same message being tweeted.
Besides targeting the crypto space, the attackers also ensnared several celebrity accounts, notably Bill Gates, Jeff Bezos, Elon Musk, and Democratic presidential hopeful Joe Biden.
Bitcoin critic and gold bug Peter Schiff also fell victim to the attack, but the attacker promised on doubling gold bullion this time.
Twitter officially confirmed that the attack was caused by “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Jack Dorsey, CEO of Twitter, tweeted:
According to a report published by Techcrunch, a source involved with underground hackers, to the media outlet that a hacker going by the username “Kirk”, supposedly garnered $100,000 in a few hours by gaining backdoor access to an internal Twitter tool, and used it to control the popular Twitter accounts.
The attacker used the tool to reset the associated email addresses of affected accounts to make it more difficult for the owner to regain control.
The source shared screenshots of a Discord chat, where Kirk wrote: “Send me @’s and BTC, And I’ll get ur shit done,” he said, referring to hijacking the Twitter accounts.
The tool used by the attacker is something that is used by Twitter employees. The tool allows complete access to a user’s account, including changing the email associated with the account and also suspending the user altogether.
While it is still a mystery as to how the attacker got access to the tool, the source speculated that a Twitter employee’s corporate account could have been hijacked. With access to such an account, the attacker could have easily infiltrated Twitter’s internal servers.
The source, however, noted that the involvement of a Twitter employee was highly unlikely.
To gain control of the situation, Twitter temporarily suspended all verified accounts, preventing them from tweeting.
As of now, the attack managed to dupe Twitter users of 12.86 BTC, roughly $118,000.
A hidden message to the Hackers
While everyone was focused on the Bitcoin scams being promoted and celebrity accounts being hacked, one Reddit user pointed out to what seems to be some hidden messages sent to the hacker’s BTC wallet address.
As per information from Blockchain data, a user sent 0.00005348 BTC, worth approximately half a dollar, in seven different transactions to the attacker’s wallet address, spending 0.00121639 BTC in transaction fees (approx. $11.19) to send this message:
“Just Read All
Transaction Outputs As Text
You Take Risk When Use Bitcoin
For Your Twitter Game
Bitcoin is Traceable
Why Not Monero”
This seemed like a message, or more like a suggestion, for the attackers, asking them why they chose Bitcoin when Monero has superior privacy features.
Monero (XMR) is one of the most popular privacy coins and is considered a tool for darknet activities. Reddit user ethereumflow believesthe message was strategic, as it made people research some of BTC’s differences with XMR, considering not many people know what altcoins are:
“I doubt anyone that has Monero would fall for this scam but a lot of gullible people have BTC, no disrespect. I’m sure the intention was always to eventually swap for Monero. Questions will be directed at whichever exchange this happens with I’m sure. Is this good press for Monero? I don’t know. But it does advertise the high level of privacy and security.”
While the attacks shook the internet, “#bitcoin” was trending all over twitter, giving the world’s number one cryptocurrency massive publicity. However, the event also dealt a massive blow to BTC’s already controversial reputation.
No official reports have been published yet, and The Daily Chain will continue providing updates on the event as the story unfolds.Until then, we advise our readers to be extra careful. For details on how to better protect personal data and crypto funds from cyber-attacks, please take a look at “8 things you need to do to stay safe in crypto”.