Several high-profile Twitter accounts, including those
belonging to Apple, Bill Gates and Elon Musk, started to tweet in support of a
Bitcoin scam, promising to double the money that people would send to their
wallets.
Such high-profile Bitcoin scams don’t happen often, and
the scale of the latest one on Twitter points to something deeper than
phishing the account owners one at a time. Getting all of these famous people
to appear to tweet at the same moment is a complex operation, and Twitter’s
response has affected every verified account, not only those that posted the scam.
The messages were crafted individually so that each at
least seemed legitimate. Bill Gates is made to say that people
have been asking him to give back, so he will return $2000 for every $1000
people send to his wallet. All messages ended with the address of a Bitcoin
wallet.
Twitter is now investigating, but from the looks of it,
the attackers somehow managed to get access to internal tools.
“We detected what we believe to be a coordinated social
engineering attack by people who successfully targeted some of our employees
with access to internal systems and tools,” said
the company. “We also limited functionality for a much larger group of
accounts, like all verified accounts (even those with no evidence of being
compromised), while we continue to fully investigate this.”
The first indications point to a phishing
campaign directed at Twitter employees. Somewhere along the line, the attackers
obtained valid employee credentials and gained access to Twitter’s internal tool
without raising any alarms. When the time was right, the attack was deployed
across well-known Twitter accounts, including Apple, Barack Obama, Joe Biden, Uber,
Kanye West, and others.
The cybercriminal group that pulled this off remains
unknown, but their goal was clear: to trick as many people as possible into
sending their money to Bitcoin wallets, then disappear with the funds.