Twitter: the crypto hack collected 100 thousand dollars

By Marco Cavicchioli - 16 Jul 2020


The crypto hack that hit Twitter yesterday collected more than 12.8 bitcoins, or more than $110,000. 

The attack was initially aimed only at Twitter profiles from the crypto world, to advertise the CryptoForHealth site, but it later also affected the profiles of well-known American figures, asking followers to send BTC to the address bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh.

Yesterday a total of 12.86252562 BTC was sent to this address in 373 transactions, an average of 0.034 BTC per transaction, or about $300.

The attack now seems to be over, since Twitter intervened to block it, but it involved verified profiles of famous people like Elon Musk, Bill Gates, Warren Buffett, Jeff Bezos, former US President Barack Obama, Democratic presidential candidate Joe Biden and Mike Bloomberg, as well as profiles of companies like Apple and Uber.

The CEO of Twitter Jack Dorsey explained that the company is investigating to understand what happened, and said: 

“Tough day for us at Twitter. We all feel terrible this happened”. 

Twitter’s support team then explained that they had intervened by temporarily blocking some profiles, which were later restored, and that so far they had determined it was a coordinated social engineering attack by people who targeted certain employees with access to internal systems and tools.

Having obtained the access credentials, they used them to take control of many highly visible accounts (including verified accounts) and posted tweets on their behalf. 

Finally, they added:

“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues”. 

This confirms that the attackers have in fact exploited an internal breach in the platform’s management system, perhaps due to some failure of the security system or perhaps the lack of prudence of some internal operator with access to the management systems. 

The curious thing is that the price of bitcoin in the crypto markets was not affected by the attack. 

After all, as far as bitcoin is concerned, it was neither a hack nor a large-scale theft, but only a technique that unfortunately proved effective to convince naive Twitter followers to send their bitcoins to the public address of the hackers. 

The fact is that now, since the address is known, it won’t be easy for hackers to use those BTC without being discovered, as the transactions are public. 

As far as Twitter is concerned, the hypothesis of an internal operator’s human error would seem to be one of the most plausible, and the fact that they were able to intervene and block the attack, albeit with a certain delay, could suggest that their computer systems have not been hacked. 

Finally, it must be said that the CryptoForHealth.com website was promptly blocked yesterday, and that it was later discovered that the CryptoForHealth.com domain was only registered the day the attack was launched. Therefore in theory it would have been quite easy to guess that it was a fake website. 

 

Marco Cavicchioli

Born in 1975, Marco teaches web technologies and is an online writer specializing in cryptocurrencies. He founded ilBitcoin.news, and his YouTube channel has more than 25 thousand subscribers.
