The FBI has launched an investigation into Wednesday’s widespread Twitter hack, which saw attackers hijack 130 high-profile accounts to promote crypto giveaway scams.
In an unprecedented security breach that’s a PR disaster for the social network, verified profiles belonging to Elon Musk, Bill Gates, Barack Obama, and Kanye West were among those compromised. Accounts belonging to Uber and Apple were also affected, along with the Twitter pages of several cryptocurrency firms and exchanges.
Similar messages were posted from many of these profiles in the coordinated attack. One posted to Joe Biden’s page read: “I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes. Enjoy!”
Twitter had little choice but to go nuclear as the full extent of the breach became clear—opting to limit the functionality of all verified accounts on the platform while an urgent investigation took place. Although the exact circumstances surrounding the incident are unknown, the platform believes criminals had managed to successfully target Twitter employees who had access to the social network’s internal systems.
Needless to say, the saga didn’t reflect well on Bitcoin, either. Despite the fact that transactions made using this cryptocurrency are fairly traceable, BTC has become a byword for criminality in coverage from many mainstream media outlets. Headlines around the world in the aftermath of this breach have only reinforced this narrative.
As the FBI said: “The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud.”
Big names, fast action
As reported by Modern Consensus on July 15, Ripple’s corporate Twitter account was among those hacked. The messages posted to the profile were eerily similar to those seen on pages belonging to Biden, Musk and West: “We are giving back 2,000 Ripple to random addresses that send 1,000 Ripple to our COVID-19 fund! Every donator gets 1,000 XRP!”
Just weeks ago, CEO Brad Garlinghouse had announced that Ripple was suing YouTube for allowing thieves to use his company and face on giveaway scam ads. Specifically, he complained that YouTube had been slow to respond to reports of scam sites robbing people of cryptocurrency.
“[S]ocial media companies have failed to police their platforms from being abused by the entirely preventable imposter giveaway scams. Hundreds of people (including some of you) have been hurt, yet big tech continues to drag their feet,” he tweeted at the time.
The hack is particularly embarrassing for Twitter’s CEO, the pro-Bitcoin entrepreneur Jack Dorsey.
Late on July 15, he tweeted: “Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”
Twitter Support has been providing regular updates on its findings. Work is still underway to determine whether private data belonging to these high-profile accounts, such as direct messages, was accessed by the hackers. However, the company said there is “no evidence that attackers accessed passwords.”
Although the company stressed that the fraudulent tweets were speedily deleted, similar messages continued to be reposted—potentially indicating that Twitter had very little control as the attack was orchestrated. Collectively, tens of millions of people follow the accounts affected.
Questions have been raised as to why U.S. President Donald Trump, himself a prolific tweeter, appeared to be spared from the cyberattack. It appears that this is because his account benefits from greater levels of protection.
Confusion and chaos
Blockchain intelligence firms have now got to work as they try to determine how much Bitcoin was sent to the attackers, as well as the exact destination of this crypto.
Fortunately, reports suggest that there might be early leads on who was responsible for this embarrassing, large-scale breach. According to Reuters, one user was boasting on a gray market that they could get access to a Twitter account on someone’s behalf if they were paid $2,500 in crypto.
“This doesn’t look like a particularly sophisticated hacking group,” Hudson Rock chief executive Roi Carthy told the news agency.
Late on July 15, Elliptic said three Bitcoin addresses were used by the hackers, which collectively received 400 payments worth approximately $120,000. (This appears to be remarkably low, not least because cyberattacks on single exchanges can often result in millions of dollars of losses.)
It appears that the attackers wasted little time in moving the crypto elsewhere, but Elliptic’s analysts added: “Some of these funds have moved through a wallet that has previously transacted with exchanges. This could be an important lead for law enforcement investigators seeking to identify the hacker. Their challenge now is to launder these funds—with the world watching them on the blockchain.”
A Chainalysis spokesperson told Modern Consensus on July 17 that its analysis shows 45% of victims were from the Asia Pacific, 40% from North America, and 10% from Europe, the Middle East and Africa. According to updates from the company on Twitter, the largest victim appears to be from Japan and lost $40,000. Its analysts added: “We can share that the funds are moving through mixing services and merchant services.”
Given the rather paltry returns generated by the scam, there are conflicting theories as to the motives of the attackers—with some suggesting that the hackers wanted to show off rather than make money. Others fear another shoe could drop, and sensitive information extracted in the attack could end up being sold on the dark web or used for blackmail.
The Senate Commerce Committee has demanded answers from the social network by July 23, and the post-mortem into this incident is likely to be deep and severe. Given the profile of the politicians involved and the fact it’s an election year in the U.S., it’s little surprise that Twitter’s vulnerabilities are being regarded as a national security threat.
Twitter’s day from hell has also sparked another debate: banning Bitcoin.
New York Times journalist Josh Barro tweeted: “You know, we wouldn’t have to worry about this sort of thing if cryptocurrency was illegal. I’m not kidding. Crypto has no socially beneficial uses and quite a few socially harmful uses. Why is it allowed?”
This argument doesn’t take into account that Twitter’s massive security vulnerabilities would have existed with or without crypto.
As U.S. Congressman Tom Emmer (R-Minn.) retorted: “Bitcoin isn’t the problem. Centralized control is.”
Disclosure: Modern Consensus founder Ken Kurson sits on the board of Ripple.