Industry News

Coinbase stopped scammers from stealing an extra $280,000 during Twitter hack

Maybe Coinbase should send Twitter an invoice, because it certainly sounds like their quick thinking helped prevent last week’s hack from leaving a lot more Twitter users with empty wallets.

As we reported at the time, cybercriminals successfully managed to seize control of a number of high profile Twitter accounts last week, using them to tweet out messages designed to trick unsuspecting followers into handing over their Bitcoins.

The messages, which were posted from the genuine Twitter accounts of the likes of Joe Biden, Bill Gates, Elon Musk, Barack Obama, Kanye West, Apple, Uber, and others invited users to send their money to a Bitcoin wallet under criminal control, with the promise that they would double their money.

Twitter subsequently confirmed that a social engineering attack had “successfully targeted some of our employees with access to internal systems and tools,” and this is what had allowed hackers to hijack the accounts for the scam.

To its credit, Twitter has been fairly open about the incident, and shared that it believed 130 accounts had been targeted in the attack.

In all it is estimated that the hackers had approximately $100,000 transferred to them by users duped by the scam.

That’s obviously not good, but things could have been a lot worse.

According to an interview with Forbes, quick action by leading Bitcoin exchange Coinbase prevented much more money from being sent to the scammers.

Coinbase had its own Twitter account hijacked by cybercriminals who perhaps had the hope that some of its 1.1 million followers would be duped into falling for the dodgy investment.

However, Coinbase CISO Philip Martin told Forbes that only 14 Coinbase users managed to send any cryptocurrency to the scammers, losing $3,000 worth of Bitcoin in the process.

Why so few victims? Because Coinbase blocked payments to the scammers’ cryptocurrency wallet, preventing a further 1,100 Coinbase customers from sending a further $280,000 worth of Bitcoin.

Other cryptocurrency exchanges – including Gemini, Kraken, and Binance – reportedly did the same, but as they don’t have as many users are not thought likely to have blocked more payments to the scammers than Coinbase.

Cryptocurrency has often been described as lawless and a place where payments can be made without regulation and oversight. But the fact that so many people use common services to handle their Bitcoin investments may actually provide a degree of protection – at least when faced with such a high profile scam as this.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.