Several high-profile Twitter accounts, including those belonging to Apple, Bill Gates and Elon Musk, started to tweet in support of a Bitcoin scam, promising to double the money that people would send to their wallets.
Such high-profile Bitcoin scams don’t happen often, and the scale of the latest scam on Twitter indicates a much deeper approach than mere phishing. Getting all of these famous accounts to tweet at seemingly the same time is a complex operation, and it looks like all verified accounts are impacted.
The messages were crafted individually so that they at least seemed legitimate. Bill Gates was made to say that people have been asking him to give back, so he will return $2000 for every $1000 people send to his wallet. All messages ended with the address of a Bitcoin wallet.
Twitter is now investigating, but from the looks of it, the attackers somehow managed to get access to internal tools.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” said the company. “We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.”
The first indication seems to point to a phishing campaign directed at Twitter employees. Somewhere along the line, bad actors obtained the proper credentials and compromised Twitter’s internal tool, without raising any alarms. When the time was right, the attack was deployed across known Twitter accounts, including Apple, Barack Obama, Joe Biden, Uber, Kanye West, and others.
The cybercriminal group that pulled this off remains unknown, but their goal was clear: to trick as many people as possible into sending their money to Bitcoin wallets, then disappear with the funds.