Attack on Twitter, Bitcoin scam: what happened

What happened during the night will be remembered as the best successful attack in Twitter history. Some of the platform's most prominent accounts have been punctured to share a Bitcoin scam on their profiles. Among others, Elon Musk, Bill Gates, Jeff Bezos, Barack Obama, Joe Biden, Kanye West and Mike Bloomberg were affected, as well as companies such as Apple, Uber, Coinbase and Gemini. Referring to official sources, let's try to reconstruct what happened.

Twitter, the attack: the history

The first reports circulated yesterday evening when the users of the social network saw appear under the name of some well-known post characters with at least suspicious content. Below is a screenshot showing the one relating to Joe Biden, a Democratic candidate who challenges Donald Trump for his next term in the White House.

I want to return to the community. All Bitcoins sent to the address below will be returned doubled! If you send $ 1,000, I'll send $ 2,000 back. I will do it only for thirty minutes.



Attached is the address of a wallet to send Bitcoins to in the hope of receiving twice as much back. Considering the authoritativeness of the name, it cannot be excluded that many stumbled upon the scam. According to the New York Times, within a few hours of the first tweets appearing, hundreds of people have fallen into the trap, transferring a total of over $ 100,000.

Confirmation of what Twitter has called a "security incident" is arrived just before our midnight with a post that remained without updates for several hours.

We are aware of a security incident that is of interest to the Twitter account. We are investigating and taking the necessary steps to solve it. Will update you all soon.

We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.

— Twitter Support (@TwitterSupport) July 15, 2020



The response of the social is reached with the blocking of compromised accounts , many of which occurred, accompanied by the deletion of the tweet posted by the person who carried out the attack.

Once we became aware of the incident, we immediately locked down the affected accounts and removed the Tweets posted by the attackers.

— Twitter Support (@TwitterSupport) July 16, 2020



the Limited also features a number of important accounts , even if not compromised, so as to avoid the risk of consequences even worse.

We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

— Twitter Support (@TwitterSupport) July 16, 2020



A decision defined, not simple , but necessary to be able to re-establish a situation of normality.

This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.

— Twitter Support (@TwitterSupport) July 16, 2020



The operation has been described as a’ coordinated action of social engineering that has targeted some of the employees of the platform to stretch their hands on the systems and tools used for access to resources from within the company.

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.

— Twitter Support (@TwitterSupport) July 16, 2020



the investigation of what happened is still in progress. For the moment, the technical Twitter claim to have introduced new protections to limit access to the management tools.

Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.

— Twitter Support (@TwitterSupport) July 16, 2020



Between the impact of the attack and also the impossibility of a number a not better specified users to publish a post or reset the password .

You may be unable to Tweet or reset your password while we review and address this incident.

— Twitter Support (@TwitterSupport) July 15, 2020



The responsibilities of each other may be at least partly attributed to an employee of the company , if the screenshot that is obtained and shared from the Motherboard that shows the administration panel of the account should be legitimate.



it Seems at the moment to be excluded, the hypothesis of the interference of foreign , the more likely that the authors of the act wanted to simply take advantage of the notoriety of the account hacked to refill your wallet Bitcoin. A case will surely come to discuss.

Source: Twitter Support on Twitter