Getting your Trinity Audio player ready...
|
Several high profile Twitter accounts, including that of former U.S. President Barak Obama, Tesla CEO Elon Musk and Microsoft co-founder Bill Gates, were compromised on July 15—and used to promote a digital currency scam.
How it happened
In their official announcement, the Twitter team said that accounts were compromised due to a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Support (@Support) July 16, 2020
The social media company said the attacker was able to persuade Twitter employees into giving them access to internal tools that permitted them to access nearly every Twitter account. A Vice report, however, claimed the takeover was an inside job, involving two individuals who paid a Twitter employee to give them access to the tools needed to compromise accounts.
Regardless of which story is actually true, an unauthorized third party had the tools to take over Twitter accounts and used their power to promote a digital currency scam.
The Scam
The scam itself is nothing new; the hackers used high-profile Twitter accounts with millions of followers and tweeted them a message along the lines of “I am doubling all payments sent to my BTC address” or “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community.”
Of course, the owner of the BTC wallet address had no intention of actually doubling the payments sent to the wallet address they posted and then returning it to the original sender. Through this scam, the hacker was able to collect roughly 12.864 BTC at their wallet address, equivalent to roughly $116,347.61 at press time.
The hacker started by targeting high-profile digital currency accounts, such as Binance, Binance CEO Changpeng Zhao, Gemini, and more. It eventually moved outside of the digital currency space, compromising Apple, Kanye West, and Amazon CEO Jeff Bezos’s accounts as well.
Twitter’s solution
When the team at Twitter learned of this issue, they immediately disabled the affected accounts. Shortly afterward, Twitter disabled all verified accounts and prohibited them from tweeting for a while. In addition, Twitter is no longer allowing individuals to tweet digital currency wallet addresses; we tried to tweet out a BTC, BSV, and ETH wallet address but we’re met with an error that said “Something went wrong, but don’t fret–let’s give it another shot” each time.
ℹ️ Due to anti-hack measures taken by Twitter the Whale Alert bot can no longer post any transfers and we cannot manually add them either. We hope Twitter will resolve the issue soon. Transfers are still being posted to our Telegram channel: https://t.co/vVRNZuovHX
— Whale Alert (@whale_alert) July 16, 2020
Bitcoin solves this
“Bitcoin prevents this because each user is holding their password in the form of private keys, and signing with those keys to gain access to their account like they do on Twetch,” said Josh Petty, CEO of Twetch. “Every twetch is signed by these keys, but Twetch itself never has to store or manage a private key in a centralized server. In order for this attack to take place on Twetch, the hackers would have to hack each user and get their private key – individually – greatly increasing the cost of the attack. On Bitcoin, there are no honeypot databases!
If Twitter was built on Bitcoin, this attack would not have happened. On Bitcoin each individual holds their own private keys—a wallet cannot be compromised from a central location like an employee or server as it was during the July 15 Twitter attack. Instead, for a hacker to successfully take over a Bitcoin-based social media network, they would have to attack each and every user, not just one individual who has access to every individual account.
It is upsetting to know that Twitter can be compromised so easily and to know that Twitter has a single point of failure. It will be interesting to see if any Twitter user’s personal identification was compromised during this attack.