Bill Gates. Elon Musk. Barack Obama. Jeff Bezos. Mike Bloomberg. Joe Biden. Kanye West. Those are just a handful of the major, million-plus-follower Twitter accounts that were compromised Wednesday afternoon, each in service of a bitcoin scam that has already earned the hackers behind it well over $100,000 in a few short hours. And counting. In response, Twitter appears to have blocked many, if not all, verified accounts from tweeting.
The trouble appears to have started in the early afternoon, Eastern time, when the accounts of several major cryptocurrency players were hacked within minutes of one another. Targets included Binance CEO Changpeng Zhao, the exchanges Bitfinex, Gemini, and Coinbase, the news site Coindesk, and several others. They all shared an identical message about “giving back to the community” and a link to a site called Cryptoforhealth. That page currently does not load.
The attackers soon moved on to high-profile tech executives, companies, celebrities, and politicians, who posted tweets with a more overt scam. The language has remained fairly consistent across the hacked accounts. “I am giving back to the community,” a typical victim’s tweet reads. “All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.” Numerous non-verified accounts also sent out similar messages, but it’s unclear whether those accounts were also compromised or if some of them were bots.
All the messages appear to lead back to the same digital wallet, which received its first incoming transaction at 3:03 pm EDT. It has recorded around 300 transactions since, although several of those are outgoing. It’s not clear at this time to where.
This kind of bitcoin scam is a classic, although usually it involves people impersonating celebrity accounts rather than actually hacking them. We wrote about it a couple of years ago. A scammer creates a fake Elon Musk account, say, and promises to pay out a big chunk of bitcoin to anyone who sends a small amount to their digital wallet. And that’s the whole scam.
Or at least it was, until hackers figured out how to take over dozens of the most popular accounts on Twitter.
“These scams work because of a gambling mentality: Give a little bit of money, get a lot of money,” says Ronnie Tokazowski, a senior threat researcher at the email security firm Agari. “Just the idea of risk versus reward. It’s especially dangerous right now, because so many people are struggling.”