Unprecedented Twitter Breach: Barack Obama, Jeff Bezos, Joe Biden, Dozens of High-Profile Accounts Compromised in Bitcoin Giveaway Scam

Billionaires, politicians, and celebrities were victimized in a large-scale phishing campaign with the hackers defrauding people for over $100,000 in Bitcoin.

Hackers used their access to trick people into participating in a fake Bitcoin giveaway.

The attack has targeted many cryptocurrency-related accounts. The latest list of victims includes Kraken, Coinbase, TRON Foundation, Bitcoin, Binance, Bitfinex, Ripple, Gemini, KuCoin, Vitalik Buterin, Justin Sun, Changpeng Zhao, and Charlie Lee.

Corporate accounts that have fallen victim to the attack include Uber, Bloomberg, Square’s CashApp, and Apple. Compromised celebrity accounts include Bill Gates, Barack Obama, Joe Biden, Kanye West, Jeff Bezos, Mike Bloomberg, and Elon Musk.

The compromised accounts have deleted the phishing tweets and continue to operate as usual.

Twitter has not explained the attack. However, it appears that Twitter’s internal employee panel was accessed by the attacker, giving them access to every Twitter account.

We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.

— Twitter Support (@TwitterSupport) July 15, 2020

The attacker may have gained access to the panel by buying a Twitter employee’s login credentials on the black market, though it is not clear if any employee logins have been leaked.

In response to the hack, Twitter has started to limit account activity on its platform, restricting some users from tweeting.

It’s possible that Twitter was not hacked directly. Instead, an intermediary service that automates Twitter posts, like Hootsuite, could have been compromised, which would give the attacker only partial access to accounts (only giving the hackers posting permissions, for example).

The CryptoForHealth domain is registered to a name and address in California. However, this is likely fake information or information also purchased on the black market.

So far, the attacker’s Bitcoin address has received more than 12.8 BTC ($110,000) in just a few hours. Typically, phishing campaigns do not go to the trouble of hacking accounts directly. Instead, they usually rely on nearly-identical but separate accounts to post fraudulent giveaway offers. The blue checkmark on Twitter accounts, as well as their limited reach makes impersonating high-profile accounts mostly ineffective.

Though today’s attack has been surprisingly successful, dozens of similar scams on Twitter and YouTube have brought in millions of dollars worth of Bitcoin. Today’s hack does not appear to be especially profitable compared to other schemes.

Instead, the fact that Twitter itself may have been compromised is the critical aspect of the attack. The event has caused Twitter’s stock market value to plummet in after-hours trading, dropping nearly 3% with TWTR falling from $35 to $34 within hours.