Twitter Explains How 130 of the Most Popular Accounts Got Hacked

On Wednesday, July 15, Twitter accounts belonging to prominent individuals, including Elon Musk, Barack Obama, Bill Gates, Jeff Bezos, and a number of crypto industry executives, were commandeered by hackers who allegedly gained access to internal content moderation tools.

A scam was posted requesting Bitcoin to get double the returns. The news went global, and the uninformed crypto detractors blamed Bitcoin once again, though markets did not react, and the price of the asset was unaffected.

Inboxes Compromised

Twitter has updated the details on what actually happened in a company blog post, with the latest addition coming Wednesday, July 22. The firm believes that attackers targeted certain employees through a social engineering scheme and used their credentials to access Twitter’s internal systems, including getting through two-factor protections.

It added that a total of 130 accounts were compromised, granting the attackers access to personal information, including email addresses and phone numbers. Almost a third of those accounts also had their private messages compromised according to the company:

“We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands.”

Only 13 Bitcoin Pilfered

Crypto security firm, Chainalysis, has also carried out its own investigation into the digital incursion. It added that the scam took in just 13.14 BTC worth approximately $120,000 over the course of the afternoon.

Chainalysis revealed that the hack began with the account takeover of known crypto influencer, @AngeloBTC, who has 152k followers on the platform. The perpetrators began soliciting payments via Twitter direct messages to join a made up Telegram group devoted to Angelo’s trading tips.

More followed over the next few hours, and the BTC started to roll into three Bitcoin addresses to which victims were asked to send funds. Most of the funds were then sent to one scam cash-out address that has been active since May 3, 2020.

Crypto exchanges such as Coinbase blacklisted the scam addresses to prevent their customers from sending BTC there. Coinbase said it prevented just over 1,100 customers from sending a total of 30.4 BTC, worth almost $280,000, to the fraudulent addresses, according to Forbes.

The research added that, as of July 22, roughly 9 BTC is sitting in 23 wallets, 8 BTC has been sent to mixing services such as Wasabi Wallet, and 4 BTC has been sent to other entities.

There were three hackers involved, according to a New York Times interview, who met in a Discord channel devoted to hacking high profile social media accounts.