SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Unprecedented Twitter bitcoin scam targets Elon Musk, Bill Gates, Apple
Thu, 16th Jul 2020

The Twitter accounts of several prominent public figures, including Bill Gates, Joe Biden and Elon Musk, have been hacked by cyber-attackers with the intention of spreading a bitcoin-related scam.

As part of the attack, the hacked accounts each tweeted a link and implored their millions of followers to send bitcoin to the address, promising to send double the donated amount back to the sender.

More than 11 BTC - equivalent to over US$100,000 - was collected by the bitcoin wallet linked to the address in the attack as the scam spread around Twitter this morning, according to the Guardian.

Twitter has acknowledged the incident, with the Twitter Support account promising users that a solution is being worked on.

"We are aware of a security incident impacting accounts on Twitter," the tweet read.

"We are investigating and taking steps to fix it. We will update everyone shortly."

Later, many Twitter users began reporting an inability to create tweets, seeing error messages reading, "This request looks like it may be automated. To protect users from spam and other malicious activity, we can't complete this action right now. Please try again later."

The error was confirmed as being related to the attack this morning when Twitter Support created a thread linked to its previous tweet.

The new tweet read, "You may be unable to Tweet or reset your password while we review and address this incident."

It wasn't just prominent personalities who had their Twitter profiles compromised. The accounts of several cryptocurrency companies, including Bitcoin, Ripple, Binance, Coinbase and Coindesk, also seem to have been victims of the widespread attack, all tweeting out the same message this morning: "We have partnered with CryptoForHealth and are giving back 5000 BTC to the community."

According to TechCrunch, the scammer's website was promptly taken down by Namesilo, the domain registrar used by the attackers. Namesilo chief executive officer Kristaps Ronka told TechCrunch that the company suspended the domain “on the first report” it received.

"This was a case of human failure - as a company with offices all around the world, Twitter has a lot of housekeeping to do," says Acronis co-founder and president of technology Stas Protassov.

"And we believe there is a bigger play at hand. The attackers could have gained access to highly confidential DMs and private info of their high-profile targets - and used the scam as a power tool, to prove they had the info."

Other Twitter accounts affected by the widespread attack included those of Apple, Uber, Barack Obama, Jeff Bezos, Kanye West, Mike Bloomberg, and several others.

Given the number of Twitter profiles of major companies and extremely high-profile people that have been affected, analysts are suggesting that the operation began with a breach of a Twitter admin account, which would have given the attackers administrative privileges and, with them, the ability to bypass the passwords of any Twitter account.

Tenable staff research engineer Satnam Narang says while 'double-your-bitcoin' scams have circulated on Twitter for years, the coordinated attack seen today was unprecedented.

"The hackers ask users to send anywhere between 0.1 BTC to 20 BTC to a designated Bitcoin address and that they'll double victims' money," says Narang.

"This is a common scam that has persisted for a few years now, where scammers will impersonate notable cryptocurrency figures or individuals.

"What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams. Because the tweets originated from these verified accounts, the chances of users placing their trust in the CryptoForHealth website or the purported Bitcoin address is even greater," says Narang.

"We strongly advise users never to participate in so-called giveaways or opportunities that claim to double your cryptocurrency because they're almost always guaranteed to be a scam."

This is a developing story.