Earlier tonight I was suddenly seeing a lot of big Twitter profiles (including Elon Musk, Bill Gates, Barack Obama, Joe Biden, Uber, Apple and others) posting the following on their Twitter timelines.
You can see the information for one of the BTC addresses here: https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh
At the time of writing this post, the BTC address holds close to 110k USD, and 2 other BTC addresses have also been created, which also hold close to 10k USD each. So far, ~$123,500 has been sent to the hacker’s BTC wallets: $118.487 to the 1st wallet by 354 victims and $5,094 to the 2nd wallet by 34 victims. Total victims so far: 388.
Twitter Support has been a bit slow on the scene to figure out what was going on, and has started blocking tweets containing the BTC address and also blocking verified accounts from posting on Twitter.
So what has happened? It has not been confirmed yet, but there are two ongoing theories about how the attackers got access.
1: Compromised backend access to the admin panel of Twitter – Some users have been posting a screenshot showing a UI from the backend with account details.
2: Intercepting SMS on password reset, or bypassing it, judging by the tweet below.
Regardless of how they got access, it means that they somehow managed to get account access, and we may be looking at a large set of compromised data. Even though they ran a BTC scam, that might not have been the end goal, but rather a way to distract Twitter from the main goal.
FYI: Here is a list of the current scam domains used (https://pastebin.com/h64CK3CG)