Crypto Twitter exploded this week, but not for the usual reasons — a Bitcoin scam briefly took over the entire Twitterverse.
While the scam in question — send me BTC and I’ll send you back double, I promise! — is (sadly) incredibly common throughout the online crypto world, this was the largest version to-date, with the hacker(s) sending the malicious message through the official Twitter accounts of Elon Musk, Kanye West, even Apple, and many, many more.
What Actually Happened?
The verified Twitter profiles of a handful of crypto celebrities and companies, along with more mainstream, high-profile figures such as Joe Biden and Wiz Khalifa, sent out tweets on July 15 asking for Bitcoin, starting from 2:15 PM EST and lasting until 6:05 PM EST.
The hacker(s) appear to have accessed celebrities’ accounts through a social engineering attack on high-ranking employees with administrative access.
Twitter responded (some say way too slowly) by locking down verified accounts, as some accounts kept repeating scam tweets even after Twitter deleted the initial offending posts. At press time, Twitter has reportedly blocked the inclusion of Bitcoin addresses in tweets.
Yesterday, Twitter CEO Jack Dorsey tweeted that they will share more information when they can, but so far there is no clear explanation as to the actual “how” behind the hack.
Who Was Affected?
The hack initially affected only crypto Twitter, with the verified accounts of crypto exchanges (Binance, Coinbase, Kucoin and Gemini) leading the first wave. Crypto celebrities then began sending out the scam message, including Binance founder CZ, Tron founder Justin Sun and Litecoin founder Charlie Lee. Only one media outlet was hacked, crypto media first mover Coindesk.
After the hacker(s) exhausted their list of crypto influencers, he/she/they moved on to bigger names like Elon Musk and Bill Gates before going a step further and tweeting as Apple and Uber.
The attack began with a crypto celebrity @AngeloBTC, who boasts only about 150,000 Twitter followers, and ended with celebrity celebrity Kim Kardashian, who has close to 66 million.
Who Are the Hacker(s)?
A recent article from Cointelegraph that traces the addresses involved has found that the hacker(s) are in the process of sending their funds to an address that had previously sent money to BitPay and Coinbase — and the existence of past transactions on two large exchanges mean that it may be possible to find out the identity of the hacker(s).
The address that now contains all of the funds from the hack, according to Cointelegraph at press time, has received 14.75 BTC, worth now about $135,000 on CMC.
You can track the crypto coming into the hacker crypto addresses using CoinMarketCap’s block explorer.
What Does This All Mean?
For one, this means that you should be careful about trusting the authenticity of messages on Twitter, especially those from verified accounts. The hacker(s) has shown the world that a Twitter blue checkmark is not as trustworthy as you might have thought.
Second, do not fall for crypto scams online! CoinMarketCap recently published a blog post on how to avoid crypto scams, which lays out several schemes that people use to trick others into giving up their hard-earned cryptocurrency. While giveaways do happen, take a second to wonder how someone could send you double your money, for free, even if the proposal does seem to be coming from former president Barack Obama.
And last, learn to always use encrypted services to send any personal or private information online. It’s possible that the hacker(s) made off with more information from these profiles, like DMs, to use in the future as potential blackmail, and the Bitcoin scam tweets are merely a red herring.
Experts have already started speculating about why this hack was perpetrated that way it was: for example, it would have been much more financially beneficial to short an altcoin, and then tweet from Coinbase that it was being delisted — and that’s just one of a thousand more ways that someone could make more than a mere $135,000 with access to this many high profile Twitter accounts.
On a darker note, the hacker(s) could have potentially started a war, an economic crisis, a stock crash, depending on what they tweeted from which account — but thankfully, this time, they stuck to crypto.
In the end, we’re left with a lot more questions than answers, but we can take away at least one important lesson — you can’t get something, for nothing!