On Wednesday (July 15), microblogging platform Twitter suffered the most serious attack on any major social media platform to date. This article describes what happened and what this means for Twitter and Bitcoin. 

The first sign that something was wrong came around 19:13 UTC on July 15 when crypto exchange Binance’s Twittter account got hacked and it sent out a now-deleted tweet that claimed Binance had partnered with an organization called “Crypto For Health” and was giving away 5000 BTC; you can see a screenshot of Binance’s tweet in the tweet below by Larry Sermak, Director of Research at The Block:

Those who went to “cryptoforhealth.com” were told that if they sent some bitcoin to the BTC address provided there, they could get double that amount back. 

At first, it seemed as though it was only Binance’s Twitter account that had been hacked.

However, soon it bcame clear that the scope of this attack was much larger. Within minutes, we started seeing the accounts of many major names in the crypto space and outside of it get hacked (roughly in the order given here): CZ (the CEO of Binance), Gemini, Coinbase, Coindesk, Justin Sun, TRON Foundation, Bitcoin.com, Bitfinex, Ripple, Elon Musk, Bill Gates, Uber, Apple, Kanye West, Jeff Bezos, Bloomberg, and Joe Biden to name a few.

Some of the “scam tweets” from these accounts did not include a link to “cryptoforhealth.com” — especially once the good eyes brought that site down using a distributed denial-of-service (DDoS) attack — and simply mentioned the hackers’ BTC address.

Two hours later, there was still no annoucement from Twitter to explain what was going on.

Initially, some thought these accounts were getting hacked perhaps because they were not secured with two-factor authentication (2FA).

Another hypothesis was that a third-party app such as Hootsuite that is allowed to tweet on your behalf had been hacked.

Yet another hypothesis (put forward by Adam Cochran) was that this hack was a “0-day exploit on the link that is doing something like session/browser hijacking or a java drive-by.”

Finally, another hypothesis was that what was going on was of such a massive scale that it could only be the work of a disgruntled present/former Twitter engineer with “root level” administrative access to Twitter’s backend system.

Roughly 2.5 hours after various verified Twitter accounts started promoting the hackers’ Bitcoin scam, Twitter’s support team started telling people what was going on:

There is currently some debate in the crypto community as to whether this attack, which has received worldwide media coverage, is good or bad for Bitcoin.

The majority seem to be saying that what happened — although a humiliating experience for Twitter — is good for Bitcoin in the long term argue that the fact the hackers asked for Bitcoin demonstrates that it is a form of payment that cannot be reversed by any central authority and that since any publicity is good publicity, this attack will greatly increase the public’s awareness of Bitcoin.

However, there is a small minority that says what happened can only be viewed as bad publicity for Bitcoin (and, of course, even worse publicity for Twitter) since it may act as a reminder that one (albeit minor) use case for Bitcoin (and crypto in general) is payments for illicit or criminal activities.

The main BTC address used by the hackers for receiving bitcoin from the victims of their phishing campaign was: bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh. According to Blockchain.com’s explorer tool, so far, this address has had 376 transactions and received 12.86584703 BTC.

One thing that few people are talking about is how remarkably stable the price of Bitcoin was throughout this attack (which thankfully seems to have ended now), as you can see from the 24-hour BTC-USD chart below:

24 Hour CC Chart for BTC-USD on 16 July 2020.png

This is what Jake Chervinsky, General Counsel at DeFi startup Compound wrote on Twitter three hours after the start of the attack:

As far as the security breach itself is concerned, although Twitter claims that it was the victim of a social engineering attack, according to a report published by Motherboard (the tech division of media outlet Vice) several hours ago, there exists a more disturbing version of what took place at Twitter.

Motherboard’s sources in the hacking community told them that this was an inside job, and apparently Motherboard was told by a Twitter spokesperson that “the company is still investigating whether the employee hijacked the accounts themselves or gave hackers access to the tool.”

And if Motherboard are right about what happened, then it might not be a idea to end this article with the following tweet from Meltem Demirors, Chief Strategy Officer at CoinShares:

 

Featured Image by “Pexels” via Pixabay.com