A wide-ranging attack on Twitter on Wednesday, trumpeting a fake Bitcoin giveaway, targeted many high-profile accounts, including those of former US President Barack Obama, former Vice President Joe Biden, Apple, Uber, Kanye West, Elon Musk, Bill Gates and Warren Buffett. So far, the scam appears to have brought in 11 Bitcoin, worth $101,000.
Twitter did not immediately comment on the hack. The company appeared to initially get the situation under control—a few hours after it started—by preventing celebrity "blue check" accounts from tweeting.
Seems verified accounts are currently blocked from tweeting.
The scam tweets directed users to send a relatively small amount of Bitcoin to a specific address with the promise of a larger amount of Bitcoin sent back in return. It's a tried and true scam, and no Bitcoin ever gets sent back.
These types of scams have proliferated on Twitter for years, though not by taking over the real accounts of Twitter users. In the past, scammers would simply set up phony accounts and pretend to be a well-known figure giving away free crypto. Famously, Elon Musk once teamed up with the creator of Dogecoin, Jackson Palmer, to retaliate and help fight the scammers.
Bitcoin-related accounts are affected
But it's not just mainstream celebrity accounts that were hit. The hacker also targeted many Bitcoin and cryptocurrency-related accounts. The Binance corporate Twitter account, its CEO, and Tron's Justin Sun were also among the high-profile accounts hacked.
Not long after the Binance tweets, Justin Sun's account also tweeted the fake promotion and link. Gemini, the New York-based exchange, KuCoin, Bitfinex, and the Bitcoin.com Twitter account followed suit.
The tweet redirects users back to a website that claims “Huobi, Kucoin, Kraken, Gemini, Binance, Coinbase and Trezor are partnered to give back to the community” because “COVID-19 has made serious damage [sic] to the traditional economy.”
It then tells readers that the exchanges will be giving away 5000 Bitcoin (over $45.9 million)—and users just need to make a small donation to immediately receive a higher amount of Bitcoin.
Many Twitter users immediately cottoned to the magnitude of the hack; some worried about whether their actual crypto accounts had been attacked as well. “Does this mean that my crypto stored on Binance is compromised?” tweeted one. (A Binance spokesperson would only tell Decrypt: “The security team is actively investigating the situation of this coordinated attack on crypto Twitter.” However, the intrusion seemed to be limited to Twitter.)
Coinbase, the biggest crypto exchange in the U.S., appeared to get wind of the scam early and reportedly blocked users from giving money to the wallet address.
It seems like some Twitter API posting service has been compromised and is being used to send out fake "giveaway" tweets from popular crypto/blockchain accounts. "CryptoForHealth" is a scam.
No way are all these accounts unprotected by strong passwords and TOTP 2FA
The hack was just the latest to raise concerns about online security—crypto scams, in particular, are up yet again this year.
In just the first six months of 2020, over $24 million was stolen in Bitcoin, and fraudulent websites promising huge cryptocurrency returns continue to pop up and con unsuspecting would-be investors.
Binance, one of the world’s most popular exchanges, has been hacked in the past. In May 2019, the exchange lost $40 million worth of Bitcoin.
Still, as is usual in the crypto world, true believers said that this hack might, in the end, actually be good for Bitcoin. "The fact that scammers asked for a good, liquid and easily used form of digital money is not a slight on bitcoin, it's a compliment," tweeted Bitcoin evangelist and author Andreas Antonopoulos. "If a kidnapper asks for uncut diamonds and swiss bearer bonds, do you blame the diamonds and bonds?"
Meanwhile, the price of BTC, though it surged briefly, fell back down to earth.