Hackers compromised a number of extremely high profile Twitter accounts in arguably the largest coordinated social media attack in history. Due to the attackers’ Bitcoin modus operandi, the hack is becoming widely known as a “Bitcoin hack”, even though the fundamental vulnerability was with Twitter. Bitcoin did nothing wrong and was in no way compromised (it never has been compromised to date).
The unknown hackers tweeted identical messages promoting a Crypto giveaway scam. The tweets stated, “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community.” This was followed by the link to the Crypto scam’s website.
The hackers first targeted large crypto personalities and exchange accounts, and the attack was first reported by South African Riccardo Spagni of Monero:
Someone’s about to have a terrible, horrible, no good, very bad day. pic.twitter.com/VWXSlPbRXl
— Riccardo Spagni (@fluffypony) July 15, 2020
Hackers then went even further and compromised the accounts of Bill Gates and Elon Musk, tweeting messages encouraging users to send BTC to an address with promises that the sender would receive double the amount. Most of the Tweets were removed soon after they had been posted.
At this point it is believed that an internal employee panel was hacked.
Our Executive Editor James Preston received info from a Discord account that was one of the first to highlight this being an internal breach at Twitter:
Look like it was an internal Twitter staffer’s account, allowing the hackers to operate in a form of “God mode”. pic.twitter.com/coT0tcBsYP
— James Preston (@JamesPrestonZA) July 15, 2020
Twitter CEO Jack Dorsey, long a Bitcoin proponent, publicly apologised on his Twitter account, stating that it was a tough day for him and his team.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
The charismatic CEO then retweeted a statement from the Twitter Support account, which stated that this was a “social engineering attack”, highlighting just how significant in scale the attack was. The attack targeted verified and VIP accounts, which prompted Twitter to disable the ability to tweet and reset passwords for verified accounts for a period of time.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
There is no doubt that this was the largest and most significant social media attack in the history of the internet. What is most telling, though, is that Bitcoin is the currency these attackers wanted. They could have used PayPal addresses, Venmo, Stripe or the CashApp, among many other options. Instead they chose Bitcoin. In the same way “real world” criminals seek jewelry, gold and precious metals because of their value, these criminals wanted Bitcoin. In the same way that jewelry, gold and precious metals hold immense value to everyone in society, this highlights just how valuable Bitcoin is and how far criminals will go to get their hands on it.
Unlike gold and precious metals, however, Bitcoin can be stopped. Coinbase announced they were blacklisting the attackers’ addresses, preventing any Coinbase users from sending Bitcoin there and preventing the attackers from sending their Bitcoin to Coinbase in order to sell it (although it would likely get sold on a black market). Such a security move could never be done with physical assets (besides dyed bank notes).
What is most unfortunate is the media’s response to the attack, highlighting the hack as a “Bitcoin problem” instead of highlighting the breach of Twitter’s security protocols.
The name of Bitcoin will forever be associated with the largest hack in history. Whether this will be a good thing for the popularity and adoption of Bitcoin or instead have an immensely negative impact on the cryptocurrency remains to be seen.
For now we know just how much these “social engineers” wanted Bitcoin.