A wide array of Twitter accounts owned by popular figures, large companies, and crypto exchanges were targeted Wednesday in a wide-ranging attack on Twitter.
The accounts in question — which included the likes of former U.S. president Barack Obama, reality TV star Kim Kardashian, Microsoft co-founder Bill Gates, and entrepreneur Elon Musk — were used to post bitcoin giveaway scams. Twitter eventually disclosed that the hacker was able to compromise some of Twitter's employees with access to internal systems and tools and then change the email addresses associated with those accounts.
But how did all of this start? In crypto, of course.
The first account hijacking happened at 2:16 PM ET when one of BitMEX's leading traders AngeloBTC posted a tweet that asked users to join his paid private trading group. It became immediately clear that the account was not controlled by the person behind it and while the tweet got quickly deleted, the impersonator was still able to fool some people.
The impersonator didn't tweet out the Bitcoin address but instead distributed it through direct messages to people that asked for it. The address currently holds 7.4 BTC (~$67,000).
The second takeover took place almost an hour later when Binance's account tweeted that the company has partnered with "CryptoForHealth" to reward community members with BTC.
The attached link led to the second Bitcoin address, which was then used for the majority of other tweets.
In the next hour, ten other cryptocurrency companies and personalities were targeted with the same exact message that led to the same address.
Ripple's account was attacked next with a new message that said that the company was giving back 2,000 XRP to random addresses that send money to their XRP address. The address, which doesn't even appear to exist, did not receive any XRP.
Attack expands to major accounts
After Ripple, the hacker has moved on from targeting accounts associated with cryptocurrency and started gaining access to mainstream accounts, including those owned by major figures and politicians.
Elon Musk, who is followed by nearly 37 million people, was the first mainstream target, followed by Bill Gates, Uber, Apple, Kanye West, Jeff Bezos, and Mike Bloomber, among others.
Source: The Block Research
The last targeted celebrity before Twitter acted was Kim Kardashian, whose account tweeted the third unique Bitcoin address.
Although some of the attacks used a different tweet format and three different addresses, the attack was orchestrated by the same hacker (or a group of hackers) because they were transacting between each of the three addresses, as shown in the data.
Address A — 1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF
Address B — bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh
Address C — bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w39l
Examples of transactions between each address
Source: The Block Research
© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.