High-profile Twitter users targeted in Bitcoin scam

SAN FRANCISCO－Twitter is investigating a massive hack in which high-profile users from Elon Musk to Joe Biden had their accounts hijacked by scammers who the social network believes targeted its employees to gain access to internal systems.

Posts trying to dupe people into sending hackers the cryptocurrency Bitcoin were tweeted by the official accounts of Apple, Uber, Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates, former US president Barack Obama and many others on Wednesday.

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," Twitter said.

"They used this access to take control of many highly-visible ... accounts," the company said, adding that it was investigating "what other malicious activity they may have conducted or information they may have accessed".

The fraudulent posts, which were largely deleted, said people had 30 minutes to send $1,000 in bitcoin in order to receive twice as much in return.

A total of 12.58 bitcoins－worth almost $116,000－were sent to the email addresses mentioned in the fraudulent tweets, according to the site Blockchain.com, which monitors crypto transactions.

"Tough day for us at Twitter," chief executive Jack Dorsey said in a tweet.

The tweet that appeared on Tesla founder Musk's Twitter feed said:"Happy Wednesday! I am giving back Bitcoin to all of my followers. I am doubling all payments sent to the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!"

It added that the offer was "only going on for 30 minutes".

The fake messages that appeared on other famous accounts made similar promises of instant riches.

Gates confirmed the tweet wasn't from him. "This appears to be part of a larger issue that Twitter is facing," a spokesperson for the billionaire said in a statement.

Blue ticks

The Biden campaign said that Twitter locked down the hacked account quickly and removed the bogus tweet.

US President Donald Trump's account, which has 83 million followers, was not among those hacked.

"Most accounts should be able to Tweet again," the Twitter support team said in an evening update, having earlier briefly disabled posts from verified accounts with an official blue checkmark.

The network said it had locked down the affected accounts, which also included Bitcoin specialty firms, and removed the tweets posted by the hackers.

According to a report by Tech Crunch, security researchers found that the attackers had fully taken over the victims' accounts, and also changed the email address associated with the account to make it harder for the real users to regain access.

These kinds of scams are common after cryptocurrency has become a tempting means to make a profit in recent years.

However, it's rare that the accounts of public figures were hacked to spread such scams on a large scale.

The incident exposes the problems with Twitter's platform because so many different users were hacked at the same time, Joe Tidy, a cybersecurity reporter told the BBC, adding that it will be very difficult to catch the criminals by following the money.

The hack might also be a simple demonstration of Twitter's weak security controls as the US heads into the 2020 presidential election, a contest in which the service is likely to play an influential role.

Agencies - Xinhua