Twitter accounts belonging to Democratic presidential candidate Joe Biden, former US president Barack Obama, reality star Kim Kardashian West and her husband Kanye West, and Tesla CEO Elon Musk were hacked on Wednesday to promote a bitcoin scam.
The hack is the latest breach of high-profile Twitter accounts and an evolution of a long-running scam that has persisted on the social network for the last two and a half years. Since at least the start of 2018, scammers have created fake accounts mimicking Musk, President Donald Trump, and other celebrities to lure in unsuspecting individuals to send bitcoin or other forms of cryptocurrency with the promise that they’d have their money doubled or tripled in return.
A Twitter spokesperson told BuzzFeed News that the issue was “being looked into.” Tweets promoting the scam appeared across various verified accounts on Wednesday afternoon. According to cryptocurrency publication CoinDesk, which also had its account hacked, some of the affected accounts had two-factor security enabled.
More than five hours after this tweet, Twitter said that that the company had detected a "coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools" in a tweet from its support account. "We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it," the company said in another tweet.
While previous cryptocurrency scams have tended to mimic verified Twitter users by creating accounts with similar handles, avatars, and cover photos, Wednesday’s scam was different in that the unknown hacker gained access to real accounts to proliferate their scam. The initial scam tweet promoting the fake giveaway from Musk’s account, which has nearly 37 million followers, went up at 1:17 p.m. PT.
While Musk's first tweet was removed, at least three others went up from his verified account promoting the same bitcoin wallet. Similar tweets were posted by the verified accounts for Obama, Microsoft cofounder Bill Gates, Apple, and Uber.
Hacked accounts pinned the tweets promoting the giveaway scam to the top of their profiles or retweeted the posts. Other accounts that were hit included rappers Wiz Khalifa and the late XXXTentacion; boxer Floyd Mayweather; and billionaires Jeff Bezos, Michael Bloomberg, and Warren Buffett.
"Twitter locked down the account immediately following the breach and removed the related tweet," a Biden campaign spokesperson told BuzzFeed News. "We remain in touch with Twitter on the matter."
In what appeared to be an effort to deal with the security threat, Twitter seemed to prevent many verified accounts from tweeting on Wednesday afternoon. Service to verified accounts was intermittent, though they were still able to like, retweet, and send direct messages. Most unverified accounts remained able to post messages.
"We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this," the company said from its support account.
A Twitter spokesperson did not return questions as to whether the company specifically limited the abilities of verified accounts. They also did not return questions as to how the hack was perpetrated or if the hacker was able to access other parts of the service, like a user's direct messages.
The initial bitcoin wallet address associated with the scam showed transactions on Wednesday afternoon suggesting more than $118,000 worth of the cryptocurrency had been deposited, of which about $61,000 worth of bitcoin had been removed. A second wallet, which emerged in subsequent scam tweets, suggested about $5,000 worth of bitcoin had been received, of which $2,700 had been removed.
It’s unclear if that money was from actual unsuspecting individuals or the scammer themself. In past cryptocurrency giveaway scams, perpetrators have seeded wallets with their own money to encourage others to donate.
The website associated with the scam was created this morning at 10:36 a.m. PT. The site went down before Musk tweeted the address, but its layout was reminiscent of previous scams: It featured the same bitcoin wallet address as the one shared in the Musk tweet and an image claiming transactions were being sent to it.
“The current financial system is outdated and COVID-19 has made serious damage to the traditional economy ,To help in these hard times For COVID19 Huobi, Kucoin, Kraken, Gemini, Binance, Coinbase & Trezor are partnered to give back to the community,” read a message on the now-deleted site, referring to the names of popular cryptocurrency exchanges. Alongside that message, the site featured an image with the hashtag #CryptoAgainstCOVID.
The registration information associated with the website was fake. The business address did not exist, the phone number was fabricated, and questions sent to the associated email address went unanswered.
In August 2019, Twitter CEO Jack Dorsey had his account hacked by someone who posted racial slurs and a bomb threat. The company attributed the breach at that time to a “security oversight by a mobile provider.”
Nidhi Prakash contributed reporting to this story.