Hackers attacked several US prominent Twitter accounts, including those of Joe Biden, Elon Musk, and Bill Gates, to promote an apparent cryptocurrency scam.
According to Twitter, the US accounts were compromised to promote a cryptocurrency scam on Wednesday due to an attack by hackers on some of its employees with access to the company's internal tools.
Twitter attack and Bitcoin scam
Twitter's support team said: "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."
In a series of tweets, the company said: "We know they [the hackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf."
The affected accounts include those of former President Barack Obama, Kanye West, Kim Kardashian West, Warren Buffett, Jeff Bezos and Mike Bloomberg. The accounts posted similar tweets soliciting donations via Bitcoin to their verified profiles.
Gates' tweet read: "Everyone is asking me to give back, and now is the time. I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000...Only going on for 30 minutes! Enjoy!"
A spokesperson for Gates stated: "We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account."
Tim Cotten, a Bitcoin researcher, explained that the first Bitcoin wallet featured in some of the tweets only became active on Wednesday and that in the hours immediately after the tweets were posted, it received more than $100,000 worth of Bitcoins through hundreds of transactions.
Cotten added that some of the Bitcoin was then transferred to other wallets.
FBI's San Francisco field office said: "We are aware of today's security incident involving several Twitter accounts belonging to high profile individuals. The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud. We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident."
How Twitter managed the attack
Twitter said: "Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely."
In a tweet, the company's chief executive officer (CEO) Jack Dorsey stated: "Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."
A little over an hour after the attack commenced, Twitter prevented holders of verified accounts from tweeting but allowed non-verified accounts to still tweet.
Roughly three hours after Twitter publicly announced that it was conducting investigations into the apparent attack and more than two hours after it shut down tweeting for some account, the social media firm assured that the majority of accounts had been restored to full functionality.
Currently, Twitter is still investigating the breach and what other data may have been compromised. It said: "We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it."
