The Twitter account hacks: a comprehensive timeline of events

Quick Take

  • A wide array of Twitter accounts were compromised in a massive attack on Twitter yesterday
  • The attack started with the takeover of the account of one of BitMEX’s leading traders, AngeloBTC
  • Over the next four hours, at least 30 high-profile Twitter accounts were affected

A wide array of Twitter accounts owned by popular figures, large companies, and crypto exchanges were targeted Wednesday in a wide-ranging attack on Twitter. 

The accounts in question — which included the likes of former U.S. president Barack Obama, reality TV star Kim Kardashian, Microsoft co-founder Bill Gates, and entrepreneur Elon Musk — were used to post bitcoin giveaway scams. Twitter eventually disclosed that the hacker was able to compromise some of Twitter's employees with access to internal systems and tools and then change the email addresses associated with those accounts.

But how did all of this start? In crypto, of course.

The first account hijacking happened at 2:16 PM ET when one of BitMEX's leading traders AngeloBTC posted a tweet that asked users to join his paid private trading group. It became immediately clear that the account was not controlled by the person behind it and while the tweet got quickly deleted, the impersonator was still able to fool some people.

Source: Twitter

The impersonator didn't tweet out the Bitcoin address but instead distributed it through direct messages to people that asked for it. The address currently holds 7.4 BTC (~$67,000).

Source: BitInfoCharts

The second takeover took place almost an hour later when Binance's account tweeted that the company has partnered with "CryptoForHealth" to reward community members with BTC.

Source: Twitter

The attached link led to the second Bitcoin address, which was then used for the majority of other tweets. 

Source: BitInfoCharts

In the next hour, ten other cryptocurrency companies and personalities were targeted with the same exact message that led to the same address. 

Ripple's account was attacked next with a new message that said that the company was giving back 2,000 XRP to random addresses that send money to their XRP address. The address, which doesn't even appear to exist, did not receive any XRP.

Source: Twitter

Attack expands to major accounts

After Ripple, the hacker has moved on from targeting accounts associated with cryptocurrency and started gaining access to mainstream accounts, including those owned by major figures and politicians.

Elon Musk, who is followed by nearly 37 million people, was the first mainstream target, followed by Bill Gates, Uber, Apple, Kanye West, Jeff Bezos, and Mike Bloomber,  among others.

Source: The Block Research

The last targeted celebrity before Twitter acted was Kim Kardashian, whose account tweeted the third unique Bitcoin address.

Source: BitInfoCharts

Although some of the attacks used a different tweet format and three different addresses, the attack was orchestrated by the same hacker (or a group of hackers) because they were transacting between each of the three addresses, as shown in the data.


Address A — 1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF

Address B — bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh

Address C — bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w39l

Examples of transactions between each address

  1. Address A and B
  2. Address B and C
  3. Address A and C

Timeline breakdown

Source: The Block Research

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.