Twitter reveals details about massive Bitcoin hack

Twitter has revealed what it knows so far about the major hack involving a bitcoin scam that targeted dozens of high-profile accounts on its service on Wednesday, July 15.

In a series of tweets posted on its Support account, the company said it believed the hack had been made possible by tricking one or more of its employees who had access to Twitter’s internal systems and tools.

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the company said. Such an attack involves the perpetrator duping the target — in this case one or more individuals at Twitter — into making security-related errors or divulging sensitive information that enables the hacker to gain access to a company’s internal systems. There are a number of ways in which this can be done, including through malicious emails that impersonate a trusted person.

“We know they used this access to take control of many highly visible (including verified) accounts and tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

It said that once it learned of the incident, it immediately locked down the affected accounts and removed the scam tweets posted by the attackers.

Limited functionality for verified users

For a couple of hours, it also limited functionality for verified accounts — those with blue ticks — as a precautionary measure while initial investigations were carried out. Twitter acknowledged that the measure, which prevented verified accounts from posting tweets, was disruptive for many in its community, but described it as “an important step to reduce risk,” adding, “Most functionality has been restored but we may take further actions and will update you if we do.”

Compromised accounts locked

As for the compromised accounts, the company said it had locked all of them down and would only restore access to the original account owner “when we are certain we can do so securely.”

In its final message in a flurry of tweets posted around 7:40 p.m. PT, it said: “Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”

Dozens of high-profile accounts were hit in the scam, with each one posting a message that offered to pay a sender double any payment they made to a Bitcoin wallet address included in the tweet. According to Blockchain.com data, more than $100,000 had been sent to the Bitcoin wallet via more than 370 transactions as of early Wednesday evening.

Former President Barack Obama and the presumptive Democratic presidential nominee, former Vice President Joe Biden, were among the hacked accounts. Microsoft co-founder Bill Gates, Tesla CEO Elon Musk, Amazon CEO Jeff Bezos, entertainer Kanye West, and former New York City mayor Michael Bloomberg were also targeted, as were tech firms such as Apple and Uber.

Twitter CEO Jack Dorsey described it as a “tough day” for the company, adding, “We all feel terrible this happened.”

Trevor Mogg
Contributing Editor