Twitter 'feels terrible' for high-profile bitcoin scam that targeted politicians, CEOs

Twitter CEO Jack Dorsey has apologised after the social network fell victim to a cyber attack that hacked several high-profile accounts—including the official accounts of politician Joe Biden and tech moguls Bill Gates and Jeff Bezos—in order to spread a cryptocurrency scam.

The hacked accounts posted a message telling users they were "giving back to the community", linking to the address of a bitcoin wallet with the claim that they would send back double the amount of any payments made to the address.

Accounts targeted by the scam include Apple, Elon Musk, Joe Biden, Kim Kardashian West, Jeff Bezos, Bill Gates, Barack Obama, Wiz Khalifa, Warren Buffett, YouTuber MrBeast, Wendy’s, Uber, CashApp and Mike Bloomberg. Cryptocurrency-focused accounts such as @bitcoin, @ripple, @coindesk, @coinbase and @binance were the first targets of the scam posts.

Twitter's Dorsey posted a few hours ago (9 am Singapore standard time, July 16) to tell users the platform "feels terrible".

Tough day for us at Twitter. We all feel terrible this happened.

We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.

�� to our teammates working hard to make this right.

— jack (@jack) July 16, 2020

The platform's support team has launched an investigation into the attack. Its early assumptions are that it has detected what it believes to be a "coordinated social-engineering attack" by people who successfully targeted some Twitter employees who had access to internal systems and tools. The hackers used this administrative access to take control of many highly visible (including verified) accounts and Tweet on their behalf. 

Since the hackers took control of the accounts, investigative journalist Brian Krebs raised the question of whether the hackers could have viewed the direct messages of those high-profile politicians, CEOs and celebrities.

Here's a question about the twitter compromise today that hasn't yet been answered: With the internal twitter tools access the attackers had, could they also have viewed the target account's direct messages?

— briankrebs (@briankrebs) July 16, 2020

The affected accounts were locked down and scam Tweets removed within hours of the attack. Twitter confirmed it locked a whole slew of verified Twitter accounts from tweeting for a period of time—even those with no evidence of being compromised—while it investigated the issue.

"This was disruptive, but it was an important step to reduce risk," the @TwitterSupport account said. "Most functionality has been restored but we may take further actions and will update you if we do."

Cryptocurrency social-media listening firm LunarCrush said the scam led to the biggest ever spike in conversation about cryptocurrency within a 24-hour time span, with more than 550,000 social posts about cryptocurrency across platforms including Twitter, Reddit, YouTube and Medium, of which 95% of posts were related to Bitcoin.

The hack has had a little to no effect so far on Bitcoin’s price, but $TWTR is down in after-hours trading, LunarCrush said.