The crypto hack that hit Twitter yesterday collected more than 12.8 bitcoins, or more than $110,000.
The attack initially targeted only Twitter profiles from the crypto world, to advertise the CryptoForHealth site, but it later also affected the profiles of well-known American figures, asking followers to send BTC to the address bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh.
Yesterday a total of 12.86252562 BTC was sent to this address in 373 transactions, an average of 0.034 BTC per transaction, or about $300.
The attack now seems to be over, since Twitter intervened to block it, but it involved verified profiles of famous people like Elon Musk, Bill Gates, Warren Buffett, Jeff Bezos, former US President Barack Obama, Democratic presidential candidate Joe Biden and Mike Bloomberg, as well as profiles of companies like Apple and Uber.
Twitter CEO Jack Dorsey explained that the company is investigating what happened, and said:
“Tough day for us at Twitter. We all feel terrible this happened”.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
Twitter’s support team then explained that they had intervened by temporarily blocking some profiles, which were later restored, and that they had so far determined that it was a coordinated social engineering attack by people who targeted certain employees with access to internal systems and tools.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
Having obtained the access credentials, they used them to take control of many highly visible accounts (including verified accounts) and posted tweets on their behalf.
Finally, they added:
“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues”.
This confirms that the attackers did in fact exploit an internal breach in the platform’s management system, perhaps due to some failure of the security system or perhaps to a lack of prudence on the part of an internal operator with access to the management systems.
The curious thing is that the price of bitcoin in the crypto markets was not affected by the attack.
After all, as far as bitcoin is concerned, it was neither a hack nor a large-scale theft, but only a technique that unfortunately proved effective at convincing naive Twitter followers to send their bitcoins to the public address of the hackers.
The fact is that now, since the address is known, it won’t be easy for the hackers to use those BTC without being discovered, as the transactions are public.
As far as Twitter is concerned, the hypothesis of an internal operator’s human error would seem to be one of the most plausible, and the fact that they were able to intervene and block the attack, albeit with a certain delay, could suggest that their computer systems have not been hacked.
Finally, it must be said that the CryptoForHealth.com website was promptly blocked yesterday, and that it was later discovered that the CryptoForHealth.com domain was only registered the day the attack was launched. Therefore in theory it would have been quite easy to guess that it was a fake website.