In brief
- Hackers targeted over 346 million users with their antics, but only 12.5 Bitcoin was swindled (so far).
- Industry experts say the hack could have been a statement, not a money grab.
- Ethereum's co-founder Vitalik Buterin speculated the attack could have "caused serious damage."
Hackers compromised the personal accounts of over 25 prominent and influential Twitter users yesterday, including US Presidential nominee Joe Biden and former US President Barack Obama, to perpetuate a Bitcoin “giveaway” scam.
But for all their efforts—like infiltrating a billion-dollar company by allegedly bribing staff, according to Vice—the yet-unidentified hackers have little to show. In all, they extracted just 12.5 Bitcoin (about $120,000 at current rates), which by all means is a lot of money but a relatively small haul when you consider the scale of the hack.
Doing the math
We ran the numbers. The affected users—ranging from crypto exchange Binance to Elon Musk, to Mike Bloomberg, to Apple, to Wiz Khalifa, and even Kim Kardashian—command a cumulative following of approximately 346 million Twitter users.
Here is a compilation of all high-profile Twitter account hacks that happened yesterday in chronological order. It all started at 2:16 PM ET with a known crypto account @AngeloBTC asking for payment to join a fake telegram paid group. pic.twitter.com/h1mVweoSTv
— Larry Cermak (@lawmaster) July 16, 2020
That’s not to say all those Twitter users saw the scam tweets, and there will be a lot of overlap across their followers. But even if just one percent of those followers saw them, that would amount to just $0.0003 per user.
“Imagine hacking a $28 billion company and only getting $118,203.00,” tweeted Alex Adelman, CEO and co-founder of Bitcoin wallet service Lolli.
Ethereum co-founder Vitalik Buterin agreed, stating the hack could have been much worse. “This attack could have caused serious damage. I'm actually glad a hacker motivated by Bitcoin profits got to the attack vector before far more nefarious actors seeking to leak private data, manipulate stock prices, manipulate elections or start wars did,” tweeted Buterin.
But why was the amount so small relative to the exposure?
A spokesperson at Huobi's security team said, "This scam has clearly targeted a large amount of accounts, including accounts in the cryptocurrency community, as well as accounts with a larger number of followers. After all, there is a limited population of people who hold Bitcoin accounts. And the fraudulent tactics are too simple. Therefore the consequences were not very serious."
In this case, the slow on-ramp to buying Bitcoin may have actually saved some potential victims. Those who saw the scam, but didn't have any Bitcoin, would have had to sign up to an exchange, submit identity documents and wait 1-3 days before they're able to actually buy any Bitcoin. And by this point they are more likely to have seen reports that the tweets were fake.
Aleks Svetski, the founder of Bitcoin wallet app Amber, argued that the hackers may simply have had a different objective. Speaking to Decrypt, he said, “‘Stealing some money’ was not the goal of this hack, because that could've been done to a MUCH larger degree. This was some people that understand Bitcoin and wanted to make a point.”
He suggested that this goal may have been to criticize how fragile and vulnerable centralized companies are.
On the other hand, centralized exchanges were able to play a part in preventing victims from losing their money—which may have kept losses to a minimum.
At least three crypto exchanges, including Huobi, OKEx, and Coinbase, blocked their customers from transferring money to the scammer’s Bitcoin address. In some sense, centralized exchanges saved the day—after a centralized company got hacked.
So perhaps centralization isn’t all bad.