Hackers took over the accounts of prominent individuals and organisations on Twitter on Wednesday, promising a cryptocurrency giveaway of 5000 BTC ($45,889,950) “to the community”. In less than four hours the address they sent had received nearly $120,000 in what many are calling the largest hack on Twitter.
Following the attack, Twitter said the hackers had successfully targeted the accounts of its employees with access to internal systems.
The affected individuals and companies include Elon Musk, Bill Gates, Barack Obama, Binance, KuCoin, Coinbase, Ripple, Tron’s Justin Sun, Bitcoin, Cash App, Coindesk, and Litecoin’s Charlie Lee.
The hackers’ messages sent within minutes of each other asked readers to claim their rewards from an inserted link associated with “Crypto For Health”.
In one of the tweets sent from the account of Elon Musk, the hackers asked for Bitcoin and promised to “double all payments” sent to an address.
A tweet sent from Elon Musk’s Twitter account on Wednesday asked for Bitcoin and promised to “double all payments” sent to an address.
“Everyone is asking me to give back, and now is the time,” the tweet said. “You send $1,000, I send you back $2,000.”
The Musk’s account sent three Bitcoin tweets from a Twitter web account and a reply to Bill Gates which were promptly deleted.
The bitcoin address linked in the tweets posted to Gates’s and Musk’s accounts was quickly inundated with more than 255 transactions, totaling more than $100,000. Twitter has admitted that it is aware of ‘security incidents’ impacting accounts and is ‘taking steps to fix it’.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the company said in a series of tweets.
Twitter proceeded to temporarily suspend every verified account from tweeting altogether. Account hijacks on Twitter have happened before, but this is the first time it’s happened at such an unprecedented scale on the social network, leading to speculations that hackers grabbed control of a Twitter employee’s administrative access to “take over a prominent account and tweet on their behalf” without knowing their passwords or two-factor authentication codes.
