Several high-profile Twitter accounts, including those of former U.S. President Barack Obama, Tesla CEO Elon Musk and Microsoft co-founder Bill Gates, were compromised on July 15 and used to promote a digital currency scam.
How it happened
In their official announcement, the Twitter team said that accounts were compromised due to a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
The social media company said the attacker was able to persuade Twitter employees into giving them access to internal tools that allowed them to access nearly every Twitter account. A Vice report, however, claimed the takeover was an inside job, involving two individuals who paid a Twitter employee to give them access to the tools needed to compromise accounts.
Regardless of which story is actually true, an unauthorized third party had the tools to take over Twitter accounts and used that power to promote a digital currency scam.
The scam itself is nothing new; the hackers used high-profile Twitter accounts with tens of millions of followers and tweeted a message along the lines of “I am doubling all payments sent to my BTC address” or “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community.”
Of course, the owner of the BTC wallet address had no intention of actually doubling the funds sent to the wallet address they posted and then returning them to the original sender. Through this scam, the hacker was able to collect roughly 12.864 BTC at their wallet address, equal to roughly $116,347.61 at press time.
The hacker began by targeting high-profile digital currency accounts, such as Binance, Binance CEO Changpeng Zhao, Gemini, and more. The attack eventually moved outside of the digital currency space, compromising the accounts of Apple, Kanye West, and Amazon CEO Jeff Bezos as well.
When the team at Twitter learned of this issue, they immediately disabled the affected accounts. Shortly afterward, Twitter disabled all verified accounts and prohibited them from tweeting for a while. In addition, Twitter is not allowing individuals to tweet digital currency wallet addresses; we tried to tweet out a BTC, BSV, and ETH wallet address but were met with an error that said “Something went wrong, but don’t fret–let’s give it another shot” each time.
ℹ️ Due to anti-hack measures taken by Twitter the Whale Alert bot can not post any transfers and we can’t manually add them either. We hope Twitter will resolve the problem quickly. Transfers are still being posted to our Telegram channel: https://t.co/vVRNZuovHX
— Whale Alert (@whale_alert) July 16, 2020
Bitcoin solves this
“Bitcoin prevents this because each user is holding their password in the form of private keys, and signing with those keys to gain access to their account like they do on Twetch,” said Josh Petty, CEO of Twetch. “Every twetch is signed by these keys, but Twetch itself never has to store or manage a private key in a centralized server. In order for this attack to occur on Twetch, the hackers would have to hack each user and get their private key – individually – significantly increasing the cost of the attack. On Bitcoin, there are no honeypot databases!”
If Twitter were built on Bitcoin, this attack would not have happened. On Bitcoin, each individual holds their own private keys, so a wallet cannot be compromised from a central location such as an employee or a server, as happened during the July 15 Twitter attack. Instead, for a hacker to successfully take over a Bitcoin-based social media network, they would have to attack each user, not just one person who has access to every individual account.
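The design described above can be sketched in a few lines. This is an added example, not code from the article or from Twetch; it assumes Ed25519 from Node's built-in crypto module as a stand-in for Bitcoin's ECDSA keys, and every name and message in it is constructed.

```javascript
// Added example: per-user signing keys with reader-side verification.
// Ed25519 stands in for Bitcoin's ECDSA/secp256k1; all data is constructed.
const crypto = require('crypto');

// The account identity is the hash of the public key, as with a Bitcoin address.
function fingerprint(pubDer) {
  return crypto.createHash('sha256').update(pubDer).digest('hex');
}

// Client side: the private key is generated and kept on the user's device.
function newUser(handle) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pubDer = publicKey.export({ type: 'spki', format: 'der' });
  return { handle, privateKey, pubDer, id: fingerprint(pubDer) };
}

function signPost(user, text) {
  const sig = crypto.sign(null, Buffer.from(text, 'utf8'), user.privateKey);
  return { handle: user.handle, text, pubDer: user.pubDer, sig };
}

// Reader side: verify against the identity the reader already follows (pinned),
// never against whatever key the platform currently lists for the handle.
function verifyPost(post, pinnedId) {
  if (fingerprint(post.pubDer) !== pinnedId) return false; // key was swapped
  const key = crypto.createPublicKey({ key: post.pubDer, format: 'der', type: 'spki' });
  return crypto.verify(null, Buffer.from(post.text, 'utf8'), key, post.sig);
}

// Constructed scenario: a platform insider with full write access to stored data.
function insiderScenario() {
  const alice = newUser('alice');
  const pinned = alice.id; // what alice's followers hold
  const genuine = signPost(alice, 'hello from alice');

  // 1. Insider edits the stored text but cannot produce a matching signature.
  const edited = { ...genuine, text: 'text changed by insider' };
  // 2. Insider signs with their own key and relabels the post as alice's.
  const insider = newUser('alice');
  const relabeled = signPost(insider, 'text changed by insider');

  return {
    genuine: verifyPost(genuine, pinned),
    edited: verifyPost(edited, pinned),
    relabeled: verifyPost(relabeled, pinned),
  };
}
```

The check only holds when readers verify against a key identity they already trust; if the platform is the sole source of the handle-to-key mapping, an insider who swaps the listed key is back in the position of a central point of failure.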
It is upsetting to know that Twitter can be compromised so easily and that Twitter has a single point of failure. It will be interesting to see if any Twitter user’s personal information was compromised during this attack.