top of page
ad cnp.png

A Massive Synchronized Twitter Hack Compromised Dozens Of Verified Twitter Accounts

A large-scale Synchronized Twitter attack affected top politicians, celebrities and cryptocurrency-related verified twitter accounts appeared including exchanges such as Binance, Coinbase, and Gemini, Kucoin and more.

The attacker posted about fake giveaways from the compromised accounts, asking for BTC payments while promising to send back double the amount received.

Each tweet involved a scam Bitcoin (BTC) giveaway or trap. Several bitcoin addresses were used, which together received around 400 payments. The total value of the bitcoin payments received is approximately 14.75 Bitcoin (BTC), worth about $135,000.

Similar fake tweets also popped up on the accounts of media outlet CoinDesk, Bitcoin, and numerous other companies. Individuals such as Justin Sun, Charlie Lee, King Cobie, AngeloBTC and others too were also targeted.

The attack was however was not just limited to crypto companies/influencers. It took over some of the most powerful verified Twitter accounts including US Presidential Candidate Joe Biden, Elon Musk, Bill Gates, Kanye West, Kim Kardashian, Wiz Khalifa, Warren Buffett, Mike Bloomberg, Barack Obama, and Jeff Bezos, among others.

The hacked accounts posted about an odd partnership and giveaway with the following tweet:

“We have partnered with CryptoForHealth and are giving back 5,000 BTC to the community”

Binance too tweeted from its main Twitter account on July 15, raising suspicion. Shortly after the strange tweet from Binance’s account, Coinbase’s Twitter account too posted the exact same tweet:

“We have partnered with CryptoForHealth and are giving back 5,000 BTC to the community”

Coinbase‘s account tweeted on July 15, around 2:35 p.m. Central Standard Time. Twitter pages from Gemini, Kucoin, the Tron Foundation, Bitfinex all showed similar activity around the same timeframe.

Twitter Support followed up on the large scale attack:

Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues. — Twitter Support (@TwitterSupport) July 16, 2020

Twitter CEO, Jack Dorsey posted that the team is continuing to investigate what happened:

Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. 💙 to our teammates working hard to make this right. — jack (@jack) July 16, 2020

Meanwhile, Bitcoin developer Jimmy Song took the opportunity to educate people that nothing centralized is really owned by the individual:

You know how someone is messing with Twitter with root level access right now? The same thing happens to the dollar every day. Your dollars aren't really yours in the same way your Twitter isn't really yours. — Jimmy Song (송재준) (@jimmysong) July 15, 2020

According to post from Whitestream, a blockchain analytics company, three transactions originating from the “1Ai5” address lead to wallets associated with Coinbase and BitPay, both of which provide merchant solutions. The legacy address was the first to be offered by the hackers, who later switched to a Bech32 address when targeting non-crypto accounts.

#TwitterHack @coinbase @BitPay Please check the following Bitco_in addr_ess that received B_itcoin from the attacker scam ad_dress: 1_Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuy_F — whitestream – Blockchain Intelligence (@whitestream5) July 16, 2020

After about 2 hours of the hacking, the official handle of Twitter Support tweeted that the issue was due to a social engineering attack performed on high-rank employees with admin access. Through the admin panel, hackers took control of the accounts by changing their passwords and recovery emails.



bottom of page