Twitter accounts of the rich and famous—including Elon Musk, Bill Gates, Jeff Bezos, and Joe Biden—were simultaneously hijacked on Wednesday and used to push cryptocurrency scams.
As of 3:58 PM California time, the wallet address used to receive victim’s digital coin had received more than $118,000, though it wasn’t clear all of it came from people who fell for the scam. It The bitcoin came from 356 transactions all occurred over about a four-hour span on Tuesday. The wallet address appeared in tweets from at least 15 accounts—some with tens of millions of followers—that promoted fraudulent incentives to transfer money.
“I’m giving back to all my followers,” one now-deleted tweet from Musk’s account said. “I am doubling all payments sent to the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!” A tweet from the Bezos account said the same thing. “Everyone is asking me to give back, and now is the time,” a Gates tweet said. “I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000.
Other hijacked accounts belonged to Barack Obama, Apple, Kanye West, and a raft of cryptocurrency entrepreneurs. Here’s a sampling of some of the scammy tweets:
As of 2:58 PM California time, Musk’s account continued to pump out fraudulent tweets, despite the mass account hijackings being two hours old. What’s more, a screenshot tweeted by a security researcher showed that attackers have changed associated email addresses of some of the hijacked accounts.
That so many social media accounts were taken over in such a short time and remained hijacked for so long is extraordinary if not unprecedented. Previous hijackings that happened to one or two high-profile accounts to promote scams were the result of phishing attacks or the accounts being protected by weak passwords. And in almost all cases, the rightful account holders quickly regained control.
The ability of the attackers to regain control of accounts was also highly unusual. The compromise of so many accounts—many belonging to people who are seasoned in the importance of having good security hygiene—raised serious questions that the compromises were the result of a breach of Twitter’s infrastructure. As the hijackings continued, Twitter said that while it investigated, it was suspending the ability of many but not all Twitter users to tweet or respond to tweets.
A spokeswoman said Twitter personnel are looking into the cause and would respond soon. A spokeswoman for Binance said the security team for the cryptocurrency exchange was investigating. Emails to some of the other affected account holders weren’t immediately returned.
This is a developing story. This post will be updated as more details become available.
