On Wednesday (July 15), microblogging platform Twitter suffered the most serious attack on any major social media platform to date. This article describes what happened and what this means for Twitter and Bitcoin.
The first sign that something was wrong came around 19:13 UTC on July 15, when crypto exchange Binance’s Twitter account was hacked and sent out a now-deleted tweet claiming that Binance had partnered with an organization called “Crypto For Health” and was giving away 5000 BTC; you can see a screenshot of Binance’s tweet in the tweet below by Larry Cermak, Director of Research at The Block:
— Larry Cermak (@lawmaster) July 15, 2020
Those who went to “cryptoforhealth.com” were told that if they sent some bitcoin to the BTC address provided there, they could get double that amount back.
At first, it seemed as though it was only Binance’s Twitter account that had been hacked.
However, it soon became clear that the scope of this attack was much larger. Within minutes, we started seeing the accounts of many major names in the crypto space and outside of it get hacked (roughly in the order given here): CZ (the CEO of Binance), Gemini, Coinbase, Coindesk, Justin Sun, TRON Foundation, Bitcoin.com, Bitfinex, Ripple, Elon Musk, Bill Gates, Uber, Apple, Kanye West, Jeff Bezos, Bloomberg, and Joe Biden, to name a few.
Some of the “scam tweets” from these accounts did not include a link to “cryptoforhealth.com”, especially once the good guys brought that site down using a distributed denial-of-service (DDoS) attack, and simply mentioned the hackers’ BTC address.
Two hours later, there was still no announcement from Twitter to explain what was going on.
Initially, some thought these accounts were getting hacked perhaps because they were not secured with two-factor authentication (2FA).
Another hypothesis was that a third-party app such as Hootsuite that is allowed to tweet on your behalf had been hacked.
Yet another hypothesis (put forward by Adam Cochran) was that this hack was a “0-day exploit on the link that is doing something like session/browser hijacking or a java drive-by.”
Finally, another hypothesis was that what was going on was of such a massive scale that it could only be the work of a disgruntled present/former Twitter engineer with “root level” administrative access to Twitter’s backend system.
Roughly 2.5 hours after various verified Twitter accounts started promoting the hackers’ Bitcoin scam, Twitter’s support team started telling people what was going on:
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
— Twitter Support (@TwitterSupport) July 16, 2020
Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
— Twitter Support (@TwitterSupport) July 16, 2020
There is currently some debate in the crypto community as to whether this attack, which has received worldwide media coverage, is good or bad for Bitcoin.
The majority seem to be saying that what happened, although a humiliating experience for Twitter, is good for Bitcoin in the long term. They argue that the fact the hackers asked for Bitcoin demonstrates that it is a form of payment that cannot be reversed by any central authority and that, since any publicity is good publicity, this attack will greatly increase the public’s awareness of Bitcoin.
I guess it makes sense intellectually that Twitter has a godmode admin key, but it still seems utterly insane to me. Seems like they can learn a thing or two about mitigating key man risk. Start by asking crypto exchanges for advice
— so-called nic carter (@nic__carter) July 16, 2020
This was Twitter getting hacked. The fact that scammers asked for a good, liquid and easily used form of digital money is not a slight on bitcoin, it's a compliment.
If a kidnapper asks for uncut diamonds and swiss bearer bonds do you blame the diamonds and the bonds?
— Andreas ☮ 🌈 ⚛ ⚖ 🌐 📡 📖 📹 🔑 🛩 (@aantonop) July 15, 2020
You know what the real news is from this incident?
Someone appears to have root level access to Twitter. They OWN this platform. They are in GOD MODE. They can do ANYTHING they want on it.
And their top choice is to trick you into parting with your precious bitcoin.
— Jameson Lopp (@lopp) July 15, 2020
Millions of people around the world are about to hear about Bitcoin again in the following few hours.
Today's hacks will be in every newspaper and media channel.
— Alex Krüger (@krugermacro) July 15, 2020
However, there is a small minority that says what happened can only be viewed as bad publicity for Bitcoin (and, of course, even worse publicity for Twitter) since it may act as a reminder that one (albeit minor) use case for Bitcoin (and crypto in general) is payments for illicit or criminal activities.
This is a bad look for bitcoin and crypto, but it’s a much worse look for Twitter. https://t.co/Cjvnya7pfO
— Michael Arrington (@arrington) July 15, 2020
This hack is terrible for public perception of crypto.
This will give tremendous fuel to the “it's only used by criminals for nefarious purposes” argument.
— The Wolf Of All Streets (@scottmelker) July 15, 2020
The main BTC address used by the hackers for receiving bitcoin from the victims of their phishing campaign was: bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh. According to Blockchain.com’s explorer tool, so far, this address has had 376 transactions and received 12.86584703 BTC.
One thing that few people are talking about is how remarkably stable the price of Bitcoin was throughout this attack (which thankfully seems to have ended now), as you can see from the 24-hour BTC-USD chart below:
This is what Jake Chervinsky, General Counsel at DeFi startup Compound, wrote on Twitter three hours after the start of the attack:
Breaking: after Twitter hack, bitcoin volatility skyrockets as price crashes in freefall from $9,225 to $9,220.
— Jake Chervinsky (@jchervinsky) July 15, 2020
As far as the security breach itself is concerned, although Twitter claims that it was the victim of a social engineering attack, according to a report published by Motherboard (the tech division of media outlet Vice) several hours ago, there exists a more disturbing version of what took place at Twitter.
Motherboard’s sources in the hacking community told them that this was an inside job, and apparently Motherboard was told by a Twitter spokesperson that “the company is still investigating whether the employee hijacked the accounts themselves or gave hackers access to the tool.”
And if Motherboard is right about what happened, then it might not be a bad idea to end this article with the following tweet from Meltem Demirors, Chief Strategy Officer at CoinShares:
if someone at Twitter is willing to sell admin keys for a small amount of money…
imagine letting someone else hold your bitcoin for you 🤡
— Meltem Demirors (@Melt_Dem) July 16, 2020