Twitter Accounts Hacked to spread a crypto scam - $118,000 stolen

A number of high-profile Twitter accounts, including @bitcoin, @apple and @JefBezos1, were hacked on Wednesday and used to spread a cryptocurrency scam.

In the initial wave of scam posts, @bitcoin, @ripple, @coindesk, @coinbase and @binance were hacked with the same message: “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community,” followed by a link to a website.

The linked website was quickly pulled offline. Kristaps Ronka, chief executive of Namesilo, the domain registrar used by the scammers, told TechCrunch that the company suspended the domain “on the first report” it received.

Apple, Elon Musk, Joe Biden and Bill Gates also saw their accounts hacked. In the hours following the initial scam posts, Kim Kardashian West, Barack Obama, Wiz Khalifa, Warren Buffett, YouTuber MrBeast, Wendy’s, CashApp and Mike Bloomberg also posted the cryptocurrency scam.

The message posted by hackers on Barack Obama's Twitter account

Apple account was hacked as well; Bitcoin scam message posted

Joe Biden Twitter Account Hacked

The messages included the address of a bitcoin wallet whose balance grew rapidly to more than 12 BTC (more than $118,000) as the scam spread. Tweets with similar messages were repeatedly deleted and re-posted by some of the compromised accounts over the course of Wednesday afternoon.

Bitcoin wallet used in Twitter Hacked Accounts to spread cryptocurrency scam

“The amount of damage this could cause is very high,” said Douglas Schmidt, a computer science professor at Vanderbilt University. “These people could hold information gleaned from the hack for ransom in the future.”

“The likelihood of attacks like this increases when people are working remotely; it is much easier for bad actors to impersonate someone through an email and gain access to their accounts,” said Schmidt. “Assuming this wasn’t someone inside Twitter trying to take revenge, it appears to be a spear phishing attack – someone who has access to admin privileges that can override two-factor authentication and strong passwords fell victim to a hack.”

The hack likely targeted a vulnerability on Twitter’s end rather than the individual account holders, said John Ozbay, the chief executive of privacy and security tool Cryptee.

A Twitter spokesperson, when reached, said the company was “looking into” the matter but didn’t immediately comment.

Update: 16.07.2020

In a series of tweets from Twitter Support on July 15, the help centre confirmed that hackers responsible for the massive breach of high-profile figures’ accounts had conducted a “coordinated social engineering attack” to gain “access to internal systems and tools.”

Twitter Hack: ‘Social Engineering Attack’ on Employee Admin Panel

Twitter admin accounts appear to have access to messages and sensitive personal information, as well as posting rights. From a security perspective this is a problem: an angry employee can do serious damage.

Why was the official Twitter account of Donald Trump not part of the hack? Do the accounts of presidents have a higher level of protection, considering the damage a hack could do to national security?

CyberSecurityMag advises you never to respond to these messages or send any funds, whether they come from highly followed accounts or from your close friends. Attackers usually compromise accounts and then send mass messages to all contacts asking for money.

About CyberSecurityMag

Founded in 2018, CyberSecurityMag is an award-winning online publication for small business owners, entrepreneurs and the people who are interested in cyber security. It is one of the most popular independent small business publications on the web.
