Brazen online attack targets VIP Twitter users in bitcoin scam

It was about 4 in the afternoon Wednesday on the East Coast when chaos struck online. Dozens of the biggest names in America — including Joe Biden, Barack Obama, Kanye West, Bill Gates and Elon Musk — posted similar messages on Twitter: Send bitcoins and the famous people would send back double your money.

It was all a scam, of course, the result of one of the most brazen online attacks in memory.

A first wave of attacks hit the Twitter accounts of prominent cryptocurrency leaders and companies. But soon after, the list of victims broadened to include a Who’s Who of Americans in politics, entertainment and tech, in a major show of force by the hackers.

Twitter quickly removed many of the messages, but in some cases similar tweets were sent again from the same accounts, suggesting that Twitter was powerless to regain control.

The company eventually disabled broad swaths of its service, including the ability of verified users to tweet, for a couple of hours as it scrambled to prevent the scam from spreading further. The company sent a tweet saying that it was investigating the problem and looking for a fix. “You may be unable to Tweet or reset your password while we review and address this incident,” the company said in a second tweet. Service was restored around 8:30 Wednesday night.

We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

— Twitter Support (@TwitterSupport) July 16, 2020

Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.

— Twitter Support (@TwitterSupport) July 16, 2020

We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

— Twitter Support (@TwitterSupport) July 16, 2020

The hackers did not use their access to take aim at any important institutions or infrastructure — instead just asking for bitcoins. But the attack was concerning to security experts because it suggested that the hackers could have easily caused much more havoc.

There was little immediate evidence for who conducted the attack. One of the most obvious culprits for an attack of this scale, North Korea, has been documented to have used Bitcoin extensively in the past. But its nature — “effective, but also amateurish” in the words of one senior American intelligence official — led U.S. intelligence agencies to an initial assessment that this was most likely the work of an individual hacker, not a state.

Officials also noted that the breach did not affect the account of one of the most watched and powerful users of Twitter: President Donald Trump. Trump’s account is under a special kind of lock and key after past incidents, the official noted.

• Twitter fact-checks Trump tweet for the first time
• Twitter hides 'abusive' Trump tweet targeting protestors

© 2020 The New York Times Company