Twitter is going through an unprecedented situation: a massive hack that affected the accounts of Obama, Bill Gates, Elon Musk, Jeff Bezos, Apple and Uber, among many others. Behind the attack was a cryptocurrency scam.
It was a coordinated attack that affected the verified accounts of celebrities, politicians and tech companies with millions of followers.
It is not yet known how this attack began, but the entire scam was built around hijacking important accounts, both of public figures and of technology companies. One detail that attracted attention early on is that a group of accounts linked to cryptocurrencies was included, such as Bitcoin and Coinbase, among others.
Each of the hacked accounts published tweets referring to a BTC initiative to help the community during the COVID-19 crisis. The premise was that the celebrities and brands would give back twice whatever came from the public: users were to send a certain amount of cryptocurrency and receive double in return.
We can see some examples of these tweets (now deleted):
To carry out the process, the tweet included a link to a web page for making the transfer to a cryptocurrency wallet. The tweets were deleted, but a new succession of messages was posted a few minutes later from the same accounts.
Twitter's response to the hack
This caused a lot of confusion until Twitter commented on it.
We are aware of a security incident affecting Twitter accounts. We are investigating and taking steps to fix it. We will update everyone shortly.  You may not be able to Tweet or reset your password while we review and address this incident.
This last action has only been applied to verified accounts, since they have been the center of the attack.
How did they accomplish this massive hack? At the moment, there is not much information beyond comments from those affected that offer some clues. For example, the co-founder of Gemini, one of the hacked accounts, mentioned that he had a strong password and used two-factor authentication, so it was very strange that his Twitter account had been breached.
So apparently the hack did not stem from a vulnerability in a third-party tool or from the individual accounts. Several hypotheses are circulating on social networks that point to Twitter's internal controls as the cause of this hack, but there is still no official report.
Twitter confirmed the use of its internal tools in recent massive hack
Last Wednesday, the massive hack that targeted several verified Twitter accounts caused a stir. The profiles, which included Bill Gates, Elon Musk, Apple, Uber and several other accounts with the verification badge, were used to spread a Bitcoin fraud. As we mentioned when the case first came to light, Twitter took measures to control the situation for the time being. However, the origin of the attack remained unknown.
Although it is not yet clear exactly what happened, the 280-character social network confirmed that this wave of fraudulent messages was issued through internal Twitter tools, to which only certain company employees have access.
When speculating about a massive hack that also involves renowned brands and public figures, the list of possible explanations could be endless. After learning more about the Bitcoin fraud that spread during this collective attack, Twitter confirmed that the published messages were issued through the social network's internal tools, as the company of the blue bird stated through its support account:
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
– Twitter Support (@TwitterSupport) July 16, 2020
In this way, at least the nature of the incident is now known, confirming one of the most discussed possible causes and ruling out others, such as the attacked accounts having been victims of phishing or some other type of direct attack on the affected profiles.
According to Twitter, an employee with administrative privileges on the platform had their credentials compromised, and the attackers used the power held by that account to take control of many accounts with high public exposure.
The internal investigation is still ongoing. Meanwhile, the compromised accounts, and others that are potentially exposed, will continue to be limited in their activity and will only return to the control of their owners when Twitter considers that the situation has been completely corrected.
In addition, other preventive measures have been taken on the short-message social network. Internally, its administrative tools were significantly limited, in the company's words. For general users, posting Bitcoin and other cryptocurrency wallet addresses is prohibited, to avoid a new outbreak of this wave of scams and spam.
Looks like Twitter is blocking BTC addresses from being included in tweets
And I wonder if this workaround works .. (this address is actually mine, remove the dot in the middle)
– Jane Manchun Wong (@wongmjane) July 16, 2020
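The gap the tweet above probes can be seen in a small filter. The following is an added example, not Twitter's filter and not code from the original article: it detects legacy Bitcoin addresses by Base58Check checksum, with and without stripping inserted separators first. The separator list and function names are assumptions, and the sample text is constructed around the publicly known genesis-block address.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Characters a poster might insert to split an address (assumed list).
SEPARATORS = re.compile(r"[.\-_*\s\u200b]")


def base58check_ok(addr):
    """True if addr is a 25-byte Base58Check string with a valid checksum."""
    if any(c not in B58 for c in addr):
        return False
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a 0x00 byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]


def find_addresses(text, normalize=True):
    """Return legacy (1.../3...) Bitcoin addresses found in text."""
    s = SEPARATORS.sub("", text) if normalize else text
    hits = set()
    for i, c in enumerate(s):
        if c not in "13":
            continue
        # Legacy addresses are 26 to 35 characters; try every length because
        # stripping separators glues neighbouring words onto the address.
        for length in range(26, 36):
            cand = s[i:i + length]
            if len(cand) == length and base58check_ok(cand):
                hits.add(cand)
    return sorted(hits)


# Constructed sample: the publicly known genesis-block address, split with a dot.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
TWEET = "donate to 1A1zP1eP5QGefi2DM.PTfTL5SLmv7DivfNa (remove the dot)"

if __name__ == "__main__":
    print("raw match:       ", find_addresses(TWEET, normalize=False))
    print("normalized match:", find_addresses(TWEET))
```

The checksum test is what makes aggressive normalization safe: ordinary text with its spaces removed almost never forms a valid Base58Check string, so false positives stay rare.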
More details still need to come out before the incident can be fully understood, but at least part of its origin is already known.
Although frauds that use the image of public figures and recognized brands to attract attention are not new on the web, this case marks a milestone on Twitter, given its size. In its handling of this situation, the social network is putting at stake an important part of its image and the trust of its users.