A number of high-profile Twitter accounts were simultaneously hacked on Wednesday by attackers who used the accounts — some with millions of followers — to spread a cryptocurrency scam.
@bitcoin, @ripple, @coindesk, @coinbase and @binance were among the accounts hacked with the same message: “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community,” followed by a link to a website, which we are not linking to.
The scammer’s website was quickly pulled offline. Kristaps Ronka, chief executive of Namesilo, the domain registrar used by the scammers, told TechCrunch that the company suspended the domain “on the first report” it received.
Twitter acknowledged the situation at 2:45 PT Wednesday afternoon, referring to it as a “security incident.”
Some of the accounts were quickly back under their owners’ control and tweets were quickly deleted, though at the time of writing, both Binance and Bitcoin still had a tweet promoting the scam. @apple also had its account hacked to push the same scam, as well as Amazon co-founder @jeffbezos and @billgates, whose account was also briefly hacked with the same message, though the tweet was quickly deleted.
Many other high profile accounts were quickly hijacked, including @elonmusk. The tweet posted to the Tesla and SpaceX founder’s account simply directed users to send bitcoin to a certain address under the guise that he will “double any payment” — a known cryptocurrency scam technique. Musk’s account appeared to remain compromised for some time after the initial message, with follow-up posts claiming followers were sending money to the suspicious address.
A number of extremely prominent Democratic political figures were also hacked as part of the cryptocurrency scam, including Barack Obama, Joe Biden and Alexandria Ocasio-Cortez.
Wiz Khalifa’s account was also compromised, as was the Twitter account of popular YouTuber MrBeast, who often posts giveaways, making his re-post of the bitcoin address particularly likely to drive followers to the scam. The hack also hit legendary investor Warren Buffet, a prominent and harsh critic of cryptocurrencies like bitcoin. “I don’t have any cryptocurrency and I never will,” Buffet told CNBC in February.
These kinds of scams are common. Scammers take over high-profile Twitter accounts using breached or leaked passwords and post messages that encourage users to post their cryptocurrency funds to a particular address under the guise that they’ll double their “investment.” In reality, it’s simple theft, but it’s a scam that works. By the time of writing, the blockchain address used on the scam site had already collected 2.8 bitcoin — some $25,700 in today’s currency — and it’s going up by the minute.
A spokesperson for Binance told TechCrunch: “The security team is actively investigating the situation of this coordinated attack on the crypto industry.” Several other companies affected by the account hacks did not immediately respond to a request for comment.
It’s not immediately known how the account hacks took place. Security researchers, however, found that the attackers had fully taken over the victims’ accounts, and also changed the email address associated with the account to make it harder for the real user to regain access.
Scammers frequently reply to high-profile accounts, like celebrities and public figures, to hijack the conversation and hoodwink unsuspecting victims. Twitter typically shuts these accounts down pretty fast.
A Twitter spokesperson, when reached, said the company was “looking into” the matter but didn’t immediately comment.