Bitcoin scammers targeted the Twitter accounts of Elon Musk, Bill Gates, Kanye West, Barack Obama and other famous tech executives, entertainers and politicians on Wednesday in what appears to be a large-scale hack. Apple, Uber and other businesses were caught up in the sprawling attack.
Twitter accounts with millions of followers seemed to have been compromised, raising concerns about whether or not the company is doing enough to protect the security of its users. While cryptocurrency scams aren’t a new problem for Twitter, the size of Wednesday’s attack is unusual.
“I’m feeling generous because of Covid-19,” a now-deleted tweet from the Musk account reads. “I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!”
Similar tweets were sent through the Twitter account of Bill Gates, the billionaire philanthropist and Microsoft founder. “I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000,” the tweet, which was deleted, read.
The scam tweets would periodically vanish, only to reappear minutes later.
A spokesperson for Gates confirmed the tweet was not sent by the billionaire.
“We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account,” the spokesperson said in a statement.
It wasn’t immediately clear how the hack was conducted or how many accounts were impacted. Twitter said it was looking into the issue but couldn’t immediately provide information on how the accounts, which have tens of millions of followers combined, were compromised.
After two hours, Twitter still didn’t have the incident under control. In a tweet, the company said that some users might not be able to tweet or reset their password as it reviews and tackles the problem.
Some users who tried to tweet got an error message. “This request looks like it might be automated. To protect our users from spam and other malicious activity, we can’t complete this action now. Please try again later,” the message read.
The scam tweets end with a link where unsuspecting readers can send Bitcoin. We’ve blacked that bit out in the screenshots above. As of Wednesday afternoon, a cursory check of the BTC address from the tweets shows a total received of 12.30776555 BTC, roughly $113,572.
The Wednesday hack isn’t the first time that Twitter accounts have been compromised by scammers. In 2018, hackers. Twitter said that hackers exploited a third-party marketing service, not its own system. Twitter then banned cryptocurrency ads, but that hasn’t stopped scammers from coming back to the platform.
Even Twitter’s own CEO, Jack Dorsey, hasn’t been immune from hacking. In 2019, Dorsey’s account was compromised and the hackers tweeted out sexist, racist and anti-Semitic comments. Twitter said there was a security issue with Dorsey’s mobile provider, which allowed the hackers to compose and send tweets from his account via text message. In a tactic known as SIM swapping, a hacker bribes an employee of a mobile provider to get them to switch the numbers tied to the SIM card. That allows them to bypass security measures such as two-factor authentication.
Politicians on Wednesday were urging others not to fall for the Bitcoin scam and some reached out to Dorsey for answers. Sen. Josh Hawley, a Republican from Missouri, asked Dorsey in a letter to respond to questions such as whether the attack threatened the security of President Donald Trump’s account and its impact on the security of other users.
“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” he said in the letter. “A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”
Musk and Gates weren’t the only high-profile accounts that appear to be compromised. Scammy tweets were seen in the feeds for fast food chain Wendy’s, Democratic presidential candidate Joe Biden, philanthropist Warren Buffett, musician Wiz Khalifa, Amazon CEO Jeff Bezos and celebrity Kim Kardashian. Scammers also appear to have targeted athletes, such as former professional boxer Floyd Mayweather, and even a popular parody account for God, along with cryptocurrency businesses.
“ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED,” tweeted Cameron Winklevoss, co-founder of the Gemini cryptocurrency exchange. “We are investigating and hope to have more information shortly.”
“WARNING: @Gemini’s twitter account, along with a number of other crypto twitter accounts, has been hacked,” added Tyler Winklevoss, echoing his twin brother and Gemini co-founder’s concern. “This has resulted in @Gemini, @coinbase, @binance, and @CoinDesk, tweeting about a scam partnership with CryptoForHealth. DO NOT CLICK THE LINK! These tweets are SCAMS.”
Tesla didn’t immediately respond to a request for comment.