In what appears to be an organised cryptocurrency scam targeting major crypto accounts on Twitter as well as public figures, the Twitter accounts of Bill Gates and Elon Musk appear to have been hacked, or fallen prey to a crypto-related scam. The scam posted tweets on behalf of Gates and Musk, among other popular crypto accounts on Twitter, stating a Bitcoin wallet address along with the promise of sending back double the amount of BTC if a user sends a certain amount to the designated wallet first. The scam appeared to happen in two rounds, wherein the scammers posted similar Bitcoin-scamming tweets for the second time from both Gates’ and Musk’s accounts, after their first tweets were deleted.
Update 3, 4:10AM: Twitter has taken cognisance of the matter, and stated that it is investigating the incident. Posting from verified accounts have been paused as of now. Compromised accounts now include Barack Obama, Joe Biden, Kim Kardashian West, Warren Buffet, major crypto trading platforms and more. The platform is presently working on a restricted mode of sorts.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.— Twitter Support (@TwitterSupport) July 15, 2020
Update 2, 3:20AM: Unconfirmed tweets claim that the total volume of the scam has crossed $105,000 (~Rs 79 lac) as of now. It has taken roughly 15 minutes for the total BTC scam volume from the Twitter hack to reportedly increase close to 2.5x. Official statements still awaited.
Update 1, 3:05AM: The Twitter hack appears to be far wider than two accounts, with Apple's and Jeff Bezos' accounts reportedly targeted as well. Alleged tweets on the matter cite publicly available data to claim that the scam has so far seen over 160 incoming transactions to the mentioned BTC wallet, amounting to collections of over $40,000 (~Rs 30 lac) in Bitcoin already.
As of 2:30AM IST, all of the tweets from both Gates and Musk’s accounts have been deleted. The message written in the scam tweet appeared typical to a phishing or crypto-jacking scam that are more frequently spotted in email inboxes. For instance, the message posted on behalf of Gates read, “Everyone is asking me to give back, and now is the time. I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000. Only going on for 30 minutes! Enjoy!” This message was combined with a crypto wallet ID.
The scam message posted from Musk’s profile was more obvious to being detected as fake. It said, “You know I living giving back to my community. I’m doubling all BTC payments sent to my address. You send $1,000 and I will send #$2,000 back! Tell your family & friends! Only going on for 30 minutes. (sic)” The first tweet posted from Musk’s account was equally out of shape, with the tweet claiming Musk to be feeling “greatful”.
While scams such as these are fairly common, what’s concerning is how the scammers gained access to high profile Twitter accounts such as Gates’ and Musk’s. Even though an official statement is awaited at the moment, the structuring of the tweets, coupled with the claims posted on the tweets, all point to the same perpetrator behind this crypto-jacking effort. Twitter is yet to issue a statement on the matter, and clarifications are awaited from both Gates and Musk’s communication teams as well.
Interestingly, Ryan Mac of Buzzfeed reported that the mentioned bitcoin wallets appeared to be receiving incoming transactions as well. What’s also worth noting is how the attackers appeared to have tuned their tweets to suit the personalities they targeted, adopting the general tone in which both Gates and Musk generally tweet. While Gates is generally reserved with his posts on Twitter, Musk’s unfiltered rants, tirades and musings have been viciously popular in the past. With a potential scam that may have led to an undisclosed amount of crypto theft from these tweets, it remains to be seen what official communication is issued from these accounts, as well as Twitter itself.