Cryptocurrency investors Cameron and Tyler Winklevoss said they believed all major Twitter accounts in the industry had been compromised.
Image: Bill Gates and Barack Obama
Bill Gates and Barack Obama.Getty Images
July 15, 2020.
By David Ingram and Kevin Collier
The Twitter accounts of Barack Obama, Jeff Bezos, Joe Biden, Elon Musk and many other high-profile people and companies became pawns Wednesday in one of the most visible cyberscams in the internet’s history.
More Exercise on Logarithms
Suspected bitcoin scammers grabbed control of accounts belonging to the rich and famous, as well as lower-profile accounts, for more than two hours during the afternoon and tricked at least a few hundred people into transferring the cryptocurrency.
A tweet typical of the attack sent from the account of Bill Gates, the software mogul who is the world’s second-wealthiest person, promised to double all payments sent to his Bitcoin address for the next 30 minutes.
“Everyone is asking me to give back, and now is the time,” the tweet said. “You send $1,000, I send you back $2,000.”
Similar tweets appeared on the accounts of rapper Kanye West, investor Warren Buffett and corporations including Apple, Wendy’s, Uber and the money transfer app Cash.
Twitter said it was looking into the attack.
“We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly,” the company said in a tweet.
The FBI said it was aware and had no other immediate comment.
The tweets began showing up sometime after 3 p.m. Eastern time, and the attack appeared to be continuing on scores of Twitter accounts more than two hours later. It was not immediately clear why Twitter wasn’t able to shut down the attack quickly. At around 6 p.m. ET, Twitter appeared to stop verified accounts from tweeting as the company tried to slow the spread of the scam.
The Biden campaign said in a statement that Twitter locked Biden’s account immediately and removed the related tweet. “We remain in touch with Twitter on the matter,” the campaign said
Some people were complying with the requests, according to the public register of Bitcoin transactions. The Bitcoin address linked in the tweets was quickly inundated with more than 200 instances of people sending it money, adding up to more than $115,000.
Other people on Twitter called out the tweets as obvious scams. Many tweets were deleted after several minutes, but in some cases similar language appeared from the same accounts later on. Musk’s account continued to tweet out the bitcoin solicitation hours after the attack began.
Rachel Tobac, the CEO of cybersecurity firm SocialProof Security, said the attack was likely the largest Twitter had ever seen.
“I’m surprised Twitter hasn’t gone completely dark to prevent misinformation campaigns and political upheaval,” she said in a text message. “We are lucky the attackers are going after bitcoin (money motivated) and not motivated by chaos and destruction.”
It’s not uncommon for individual Twitter accounts to be compromised, but the scale of Wednesday’s scam easily overshadowed previous breaches.
The attack was unusual for how many Twitter accounts were compromised, and for how long. Hundreds of Twitter accounts tweeted out identical language.
Kelley Robinson, a security advocate for Authy, a company that provides two-factor authentication, said the scale of the attack indicated the hackers had gotten administrative access at Twitter itself.
“It’s really unlikely that Bezos, Musk, and especially Biden all had credentials compromised,” she said over Twitter Direct Message.
Some of the accounts have huge followings. Gates’ has 51.1 million Twitter followers, while Musk’s has 36.9 million. Apple’s account has 4.5 million.
Shares of Twitter fell 3 percent in after-hours trading.
Cryptocurrency investors Cameron and Tyler Winklevoss, who are brothers, said from their Twitter accounts that they believed all major Twitter accounts in the industry had been compromised and were tweeting about a fake partnership.