Hackers promoting cryptocurrency scams targeted Elon Musk, Bill Gates and Kanye West, among other high-profile Twitter users, by using their accounts to promise to “double” payments to a Bitcoin account.
Scammers also were able to manipulate accounts belonging to Joe Biden, Barack Obama, Amazon CEO Jeff Bezos and former New York City mayor and billionaire media figure Mike Bloomberg, among others, by requesting payments from users in return for a doubled amount. The messages were all quickly deleted, but similar messages continued to appear across Twitter, indicating a significant breach within the platform, as the hackers attracted thousands of dollars in payments.
“We are aware of a security incident impacting accounts on Twitter,” the platform announced on its support account more than an hour after the initial hacks. “We are investigating and taking steps to fix it. We will update everyone shortly.”
Verified accounts were temporarily blocked from posting on the platform.
The first messages appeared on the Tesla CEO’s account on Wednesday: ”I’m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!”
The message was deleted and replaced with another similar message: “Feeling greatful [sic], doubling all payments to my BTC address!”
“You send $1,000, I send you back $2,000,” the message said.
“Everyone is asking me to give back, and now is the time,” said a message on the Microsoft founder’s Twitter page, linking to a bitcoin address and promising to ”double” all payments “for the next 30 minutes”.
A statement from a spokesperson for Mr Gates’ said that Twitter is “aware and working to restore” his account.
Cameron Winklevoss said the account had two-factor authentication enabled with a strong password.
“We are investigating and hope to have more information shortly,” he said on Twitter.
Accounts for other high-profile figures and former elected officials were compromised moments later with messages making similar requests and promising to send money to users, ultimately creating one of the largest hacks on the social media platform affecting accounts totalling millions of followers.
The Bitcoin account mentioned in the fake tweets appears to have been created on Wednesday. By the end of the day, it had received almost 12.9 bitcoins, an amount currently valued at slightly more than $114,000 (£88,800). At some point during the day, roughly half that sum in bitcoin was withdrawn from the account.
It appears that the account holders themselves were not targeted in the scam, which relied on their massive followings to lure users into the scheme.
It was not immediately clear how the scammers had access to the accounts and how many people were impacted.
Twitter did not immediately return a request for comment but directed reporters to the company’s support account.