As has now been widely reported, the Twitter accounts of a number of major companies, as well as prominent individuals with large Twitter followings, were compromised on Wednesday in one of the most widespread breaches in social media history. The hack left its perpetrators with 12.86 BTC ($117,000).
Twitter says that around 130 accounts were targeted by the attackers. However, the attackers were only able to gain control of and send tweets from a small number of these accounts. Twitter also stated in another tweet that it has managed to lock the accounts that were compromised and will only restore access to the account owners when it is certain that it can do so securely. It is still unclear whether non-public data related to these accounts was compromised, but the company says it will continue to assess the situation.
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
— Twitter Support (@TwitterSupport) July 17, 2020
Twitter believes that the hackers successfully targeted some of its employees with access to internal systems and tools. Whether an actual Twitter employee hacked the accounts or gave the tool to the hackers is still being investigated, a Twitter spokesperson told Motherboard. The hacker allegedly used the tool to reset the email addresses of the affected accounts, making it even more difficult for the owners to regain control of their accounts.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
What is important to note is that the hack was a “Twitter problem” and not a “Bitcoin problem”, as the media is portraying it. The media constantly portrays Bitcoin in a negative manner, which creates a greater chance of the general public associating Bitcoin with scams. The mere fact that the hackers were trying to get their hands on Bitcoin speaks volumes.
Meanwhile, it appears that the hackers have already begun moving the “stolen” (received) Bitcoin around. This is clearly an attempt to “mix” the Bitcoin in order to wash it of its traceability, but also to see how security protocols at exchanges respond.
To date, the hackers have begun to move small amounts of Bitcoin, less than $20 in value, to exchanges such as Binance, Coinbase and BitPay, as reported by The Block’s Larry Cermak:
As far as I can tell, the Twitter hacker has made small (<$20) deposits to four exchanges already (Coinbase, Binance, BitPay, and CoinPayments). Likely to just test out their reaction. They also already started to move the funds around and started mixing in one instance.
— Larry Cermak (@lawmaster) July 17, 2020
The Blockchain Group is reporting that South Africa’s Luno exchange and India’s BitSSA exchange have also potentially received some of the Bitcoin, but other reports are now refuting that analysis. The full diagram of the Blockchain Group’s analysis can be found here.
We will continue to update as more information becomes available.