The official Twitter accounts of prominent users, including Bill Gates, Apple, Elon Musk, Jeff Bezos, Joe Biden, Barack Obama, Uber, bitcoin specialty firms (Binance, Gemini, Coinbase, Bitfinex, Justin Sun, Charlie Lee and others) were hijacked on Wednesday in a major hacking spree trying to trick people into sending cryptocurrency bitcoin.
The scammers were using hacked accounts to promote a cryptocurrency scheme promising to give away up to 5,000 bitcoins to those sending between 0.1 BTC to 20 BTC to a "contribution" address.
According to Blockchain.com, which monitors transactions made in cryptocurrencies, a total of 12.58 bitcoins, worth almost $116,000, had been sent to the email addresses mentioned in the fraudulent tweets.
"Happy Wednesday! I am giving back Bitcoin to all of my followers. I am doubling all payments sent to the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!" the message that appeared on Musk's Twitter account said.
It also mentioned that the offer was "only going on for 30 minutes."
The fake messages posted on the other high-ranking accounts were of a similar nature.
Twitter disabled the ability to tweet from validated accounts for about two hours while working on a fix. Soon after it began investigating the incident, Twitter said in a series of tweets that the incident appeared to be a coordinated social engineering attack” against some Twitter employees “with access to internal systems and tools.” The company said it was “looking into what other malicious activity [the hackers] may have conducted or information they may have accessed and will share more here as we have it.”
While Twitter is keeping silent on what tools the attackers exploited or how the attack was carried out, Motherboard reported that a Twitter employee was responsible for a of high profile account takeovers. According to the report, in the underground hacking community are being shared screenshots of an internal admin tool allegedly used to hack the accounts, potentially by resetting account email accounts and then recovering passwords.
Motherboard said it has talked to a hacker who said they paid a Twitter employee to change the email addresses of popular accounts using the internal tool so that they could then hijack them.