Twitter staff targeted by 'coordinated social engineering' attack as hackers hijack verified accounts in Bitcoin scam

Overnight, Twitter suffered a massive attack by hackers who tried to use the verified accounts of celebrities and high-profile users to execute a Bitcoin scam. The likes of Barack Obama, Joe Biden, Elon Musk, Bill Gates and Kanye West had their accounts hijacked and message were posted promising that if people sent money to a Bitcoin wallet, they would get double the amount back.

Needless to say, it was a crypto scam, and Twitter took the extraordinary steps of preventing all users with a blue tick from tweeting. Twitter now has control of the situation and says that the attack came after staff fell victim to social engineering, enabling hackers to gain access to internal tools which were then used to take over key accounts.

See also:

• Twitter warns users of 'data security incident' involving billing information
• Facebook removes Nazi Trump ads while Twitter flags up 'racist baby' tweet
• You will soon be able to request Twitter verification

Numerous tweets -- now deleted by Twitter -- encouraged users to part with money for the promise of a quick profit. A tweet from Bill Gates' account read "Everyone is asking me to give back. You send $1,000, I send you back $2,000. BTC Address xxxxxxxxxx. Only going on for 30 minutes! Enjoy!" Tweets from other celebrities and prominent accounts took much the same form.

Twitter was fairly quick to acknowledge that there was problem, and tweeted to let users know:

We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.

— Twitter Support (@TwitterSupport) July 15, 2020

While the scam had the potential to net millions of dollars, blockchain records show that the perpetrators only managed to obtain around $100,000 from victims before Twitter took steps to intervene.

In a series of tweets via its @TwitterSupport account, the company released a statement explaining what it knows about the incident:

Our investigation is still ongoing but here's what we know so far:

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this. This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do. We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.

Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.

This is still a developing story, and the investigation is underway, so more details will follow.

Image credit: Wit Olszewski / Shutterstock