In brief

  • Coinbase and other exchanges have blacklisted the BTC address used by the scammer responsible for a recent Twitter hack.
  • Block explorers show that the address is still receiving Bitcoin in small amounts, likely "tips" from admirers.
  • It's unlikely that the hackers will be able to use the $120,000 in Bitcoin that they raised, as the address is under close scrutiny.

Major US crypto exchange Coinbase has said that it stopped over 1,100 of its users from sending 30.4 Bitcoin (around $280,000) to the hacker responsible for last week’s Twitter scam, by blacklisting the scammer’s BTC address, Forbes reported.

"We noticed within about a minute of the Gemini and Binance tweets," Philip Martin, Coinbase chief information security officer, told the outlet.

He added that just 14 Coinbase users managed to send around $3,000 worth of Bitcoin to the scammers’ address before Coinbase blacklisted it.

As Decrypt reported, the hackers hijacked the accounts of Joe Biden, Barack Obama and Elon Musk—among other well-known personalities—on July 16. The perpetrators then used the accounts to promote a common scam, in which victims send Bitcoin expecting to get twice as much back. In all, the scammer managed to net around $120,000 in BTC from unsuspecting victims.

BTC still dripping into scammers’ addresses

Although Coinbase and other exchanges moved quickly to block the scammer’s BTC address, it continues to receive small amounts of Bitcoin, worth between a few cents and just over $28, according to block explorers.

But who can still be sending money to such publicly covered—and already shut down—scam? While they could be unwary victims who are latecomers to the scam, cybersecurity firm Chainalysis reckons there’s another explanation: admirers looking to “tip” the hacker.

“We can only speculate as to why the donation addresses are continuing to receive small amounts of money,” the firm’s spokesperson told Decrypt. “One example explanation is that people often send ‘tips’ to addresses in high profile cases like this as a way of showing their approval for the stunt the actor pulled.”

These transactions also apparently have very small mining fees attached to them, thus all the latest “tips” are still unconfirmed—some even over a day after transactions were made.

However, it’s unlikely that the scammers will be able to use any of the funds sent to them—large or small—any time soon. Every crypto security firm in the world is likely watching the associated BTC addresses day and night, now.

“With many eyes on the stolen money, any counterparties to the perpetrators will face close scrutiny,” Chainalysis added.

That’s bad news for the hacker, since Bitcoin is, unlike some cryptocurrencies, eminently traceable. Perhaps surprisingly, the hacker even left messages alluding to this fact in the blockchain, asking “Why not Monero?” They may be wondering that themselves, now.