On July 15th, several prominent Twitter accounts were hacked to post a variation of a message stating that any bitcoin sent to the wallet linked would be sent back and doubled. In a matter of hours, accounts from Apple, Uber, Elon Musk, Jeff Bezos, Bill Gates, and more posted the same message. Then, in the four hours the tweets were live, the Bitcoin wallets linked received over $100,000 via 300 transactions.
But, how did it all start? Here is a comprehensive timeline of the Twitter Bitcoin Hack.
The first Twitter accounts targeted included prominent cryptocurrency companies including Coinbase, Ripple, and Binance. Each account posted a message under the guise that the companies were “giving back” bitcoin to the community. Then, each account linked the same address for users to send BTC first.
The attack then spread to verified users and prominent figures with even larger followings. Among the accounts affected included former U.S. President Barack Obama (120M followers), Microsoft co-founder Bill Gates (51.2M followers), reality TV star Kim Kardashian (65.7M followers), and several others. The tweets posted on these accounts used the same message and switched between three bitcoin addresses.
Next, in an unprecedented move, Twitter removed the ability for all blue check, verified users to tweet in order to limit the damage of the attack. While not all the accounts that were blocked were impacted by the hack, Twitter limited all verified users from tweeting or resetting passwords while they investigated further.
Later that night, Twitter’s official support account posted a series of tweets reporting the hack was believed to be “a coordinated social engineering attack” targeting internal employees, which means the hackers manipulated certain internal employees to divulge confidential information. The hackers then used the credentials to access Twitter’s internal systems to target 130 Twitter accounts.
In the following days, Twitter confirmed that in eight of the Twitter accounts involved, personal data was downloaded when “the attackers took the additional step of downloading the account’s information” through the “Your Twitter Data” tool. This data includes private messages sent from the hacked accounts.
While the identity of the hacker or hackers remains unknown, Twitter is continuing to update the public on the information they have on the security incident on their Twitter Support account and their blog summarizing the situation.