Massive Twitter hacking. How hackers did it and how much they earned

What happened?

Many famous personalities, companies and several crypto exchanges have had Twitter accounts

hacked. On their behalf, spam was sent, calling to send money to an unknown crypto wallet, and in return receive a double amount.

The origins of the fraud can be traced back to a mysterious tweet posted on Musk's account at 4:17 pm ET.

I feel generous about COVID-19. I will double any BTC payment sent to my BTC address within the next hour. Good luck and stay safe!

Fake tweet from Elon Musk's account

The tweet was then deleted and replaced with another one that more clearly outlined the fake advertisement.

I am grateful for doubling all payments sent to my BTC address! You send $ 1,000, I return $ 2,000! Only do this for the next 30 minutes.

Fake tweet from Elon Musk's account

The tweet sent to Gates' account echoes Musk's tweets, with an identical BTC address attached. It was also removed shortly after publication.

Accounts hacked included President Barack Obama, Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Apple and Uber corporate accounts, and Kanye West.

Shortly after the first wave of tweets from accountsBill Gates and Elon Musk, Apple, Uber, former President Barack Obama, Amazon CEO Jeff Bezos, Democratic presidential candidate Joe Biden, hip-hop tycoon Kanye West and former New York mayor and billionaire Mike Bloomberg, among others, also were compromised and started spreading fraudulent tweets.

But they were hacked later. The first known personal account that has been compromised is Elon Musk's blog.

In the first hours after the attack, the deceived people andsent the hackers over $ 118,000. It can also be assumed that the attackers could have gained access to a large number of confidential direct messages. However, the speed and scale of the attack are of even greater concern. The United States is also concerned about issues related to national security amid the widespread attack.

Account takeovers seem to have stopped, but new fraudulent tweets were regularly sent to verified accounts. The hacker attack lasted over two hours, starting at 4 pm ET.

How did it all start?

Chaos began when the general's accountTesla CEO Elon Musk was apparently compromised by hackers with the intention of using him to launch fraudulent Bitcoin transactions. The account of Microsoft co-founder Bill Gates also appears to have been exposed to the same scammer who posted a similar message with an identical bitcoin wallet address. Both accounts continued to post new tweets promoting the scam. Musk's account was still under the control of the hacker, even at 5:56 pm ET.

How did Twitter respond?

After an unprecedented account hackTwitter has confirmed that it has taken the plunge by blocking new tweets from every verified user, compromised or not, and blocking all compromised accounts.

The platform says it will not restore owners' access to affected accounts until the company is confident they can do so “safely”.

We have blocked accounts that have been compromised and will only restore access to the original owner when we are confident that we can do so safely.

Twitter Support (@TwitterSupport) July 16, 2020

The service reacted to the situation after more thanhours of silence, posting to your support account at 5:45 pm ET that a "security incident" was reported that affected the accounts. The case is being investigated and the company is taking steps to fix it, Twitter said.

Late in the evening, Twitter CEO Jack Dorsey made an address to social media users.

Tough day for us on Twitter. We all feel terrible. We will diagnose the problem and share all the details when we have a better understanding of what exactly happened.

Twitter CEO Jack Dorsey

Twitter Product Manager Keywon Beikpuralso made a public statement stating that the investigation into the incident is still ongoing, but the company will be sending updates on the situation through the @TwitterSupport account - in more detail and soon. Beikpur also apologized for the "disappointment" caused by this incident for users.

The company disclosed that its own internalemployee tools were hacked and used during the hack. This may explain why even accounts that claim to have two-factor authentication are still trying to trick followers with bitcoin scams.

Bulk blocking after hacker attack

The company has taken an unprecedented measure toprevent tweets from spreading from verified accounts starting at approximately 6PM ET. It would appear to be the first time Twitter has done this in the company's history. The company updated its stance on restricting tweets at 7:18 pm ET, saying it will continue to restrict the ability to write posts, reset passwords and some other account features while the hacker attack is investigated.

As of 8:32 pm ET, the ban has been lifted.

IN 20:41 ET Twitter said that "most" verified accounts should be able to post tweets. As we developers work to fix the situation, functionality can come and go, the company explained.

Although Twitter hasn't confirmed how it worksselective lock, it seems to only apply to accounts that have been verified. Unverified accounts could still tweet normally, while verified accounts could only retweet existing messages.

At 18:On 18 ET, it was reported that some users might not be able to post, and it was noted that password reset may be disabled while the service is working to correct the situation. An hour later, the company said it continues to restrict tweets, password resets, and "and some other account features." Some Verge employees automatically logged out of their accounts after Twitter started restricting posts.

How did the hack happen? All the details of the hacker attack

It looks like the operation has affected many majorcompanies and extremely famous people. This suggests that hackers have found a serious loophole in the Twitter login or account recovery process, or in third-party applications. Another option is that the attacker somehow gained access to the administrative privileges of the Twitter employee.

Now numerous underground hacker groupsshare screenshots of Twitter's internal admin tool, which was allegedly used to hijack verified accounts. Twitter is currently removing the screenshot from its platform and in some cases pauses users who continue to share it.

In updating his hacking investigationMotherboard says it spoke to hackers who say they paid a Twitter employee to change the email addresses of popular accounts using an internal tool so they can then monitor them.

Motherboard also shared some screenshots of the internal tool, presumably at the center of the hack.

Twitter confirmed that the hack used employee tools.

Musk has long been a target forbitcoin scammers, many of whom create fake accounts designed to look like an entrepreneur and respond to his tweets. The social network even began blocking some accounts that change their name to "Elon Musk", and in the spring of 2018, the company identified cryptocurrency scammers as a source of known manipulation and deception, which it intended to root out through bans and other moderation strategies.

How much did the hackers make?

Some people have obviously succumbed to scamsand sent the money to the corresponding BTC address as the transaction records are public due to the nature of blockchain based cryptocurrency. So far, the scammers have accumulated almost $ 120,000. However, the account holder is sending money somewhere else, as the daily ending balance fluctuated up and down during the day.

FBI reaction

The Federal Bureau of Investigation is aware of the incident of hacking the Twitter accounts of entrepreneurs Elon Musk, Bill Gates, Joseph Bezos and others in order to steal users' money.

The FBI San Francisco office said,that, apparently, the accounts were hacked to carry out cryptocurrency fraud. The Bureau recommends that the public not be fooled by this fraud.


Twitter is likely to host the next fewdays investigating how this incident happened. It seems likely a criminal investigation in which the company may not be able to fully describe the events of the environment. But it’s very important that Twitter talk about what happened and what it’s going to do as soon as possible so that it never happens again.

After the Wednesday catastrophe, it is hardly hyperbole to suggest that our world might be in the balance.

Read also

Look at the huge “wall” of hundreds of thousands of galaxies behind the Milky Way

Comet NEOWISE is visible in Russia. Where to see her, where to look and how to take a photo

It turned out that made the Mayan civilization leave their cities