July 15 will be remembered as a notorious day for Twitter: an unknown attacker managed to take control of a number of accounts on the social media platform and lured unsuspecting users into a deceptive Bitcoin giveaway campaign.
The event caught media attention when some of the world’s best-known companies, politicians, and business leaders saw their accounts compromised and used to spread similar Bitcoin (BTC) giveaway messages. To take part, users had to send their coins to an address, after which they would supposedly receive double the amount.
The accounts of Tesla founder Elon Musk, former President of the United States Barack Obama, 2020 US presidential candidate Joe Biden, Amazon owner Jeff Bezos, and Microsoft co-founder Bill Gates were used to share related messages asking users to send $1,000 in BTC to an address to receive $2,000 in BTC in return.
The company Twitter accounts of Apple, Uber, and CashApp were also used to post duplicates of the original message. The Hollywood celebrity couple Kanye West and Kim Kardashian, the rapper Wiz Khalifa, and the deceased XXXTentacion were also victims, in addition to many other celebrities.
Notable figures from the world of cryptocurrencies like Changpeng “CZ” Zhao, Justin Sun, Charlie Lee, King Cobie and AngeloBTC were also victims of the hack. The main crypto exchanges Binance, Coinbase, Bitfinex and Gemini were also victims of the attack, together with the Twitter accounts of Bitcoin and Ripple.
Some of these accounts did not directly post the same Bitcoin address used in the Musk account and others. Instead, they urged users to visit a malicious website to be considered for a fake 5,000 BTC giveaway. Users would allegedly receive double the amount of BTC that they sent to the address provided.
Since then, the website and domain registration information has been removed from the Whois domain registration database for privacy reasons. However, the name and physical address of the registered owner have been widely used.
The latest lookup of the BTC address shared by Musk and the other compromised Twitter accounts shows that it has received 12.86584703 BTC since the attack started. The attackers also tried to take control of Cointelegraph’s Twitter account but were unsuccessful.
For some of the unfortunate targets of the hack, like CZ, the CEO of Binance, a large-scale hack of high-profile users' Twitter accounts and the theft of more than 12 BTC is “a wake-up call for social media and media platforms”.
An internal job?
There is evidence that an insider or an active Twitter developer may have helped the attacker, because they had access to the administration areas of the various accounts that were compromised. Twitter confirmed that the attackers had accessed internal employee tools that allowed them to take complete control of the different accounts. Other users on Twitter speculated that the attackers changed phone numbers and verification email addresses to take control of accounts.
Vice’s Motherboard reported that screenshots of a hacker using an internal Twitter user management tool on several of the accounts in question were shared among groups of hackers. The publication also stated that the hackers confirmed that a Twitter employee was paid for access to the tools needed to carry out the nefarious attack.
For example, a screenshot of the administration area of Binance’s Twitter account has been shared and widely distributed on social media. Unsurprisingly, given the confidential information displayed on these pages, Twitter began to remove screenshots of user management areas that were published by various accounts on the platform.
Twitter then took steps to curb further damage by blocking the affected accounts and removing the offending tweets. While investigating the situation, the social media platform then restricted the functionality of a larger group of verified accounts. As a result, users began to experience limited functionality. The Twitter account of Whale Alert informed its followers that the changes meant that its bot could no longer notify users with automated posts on the platform.
A hidden message
This saga is made even more intriguing by Reddit users' discovery of a not-so-hidden message in one of the outgoing transactions. The sender of that particular transaction spent $11 in transaction fees to include the following text in the transaction:
“Just read everything. Outgoing transactions as text. You take risks when you use Bitcoin. For your use of Twitter. Bitcoin is traceable. Why not Monero?”
What is not clear is whether the sender of this message was responsible for the Twitter hack or just another user who took the opportunity to promote Monero (XMR), the privacy-oriented cryptocurrency.
The movement of funds
Just over 24 hours after the attack, the perpetrators began to transfer part of the money to an address that had previously sent Bitcoin to BitPay and Coinbase wallets. The various Twitter accounts that were compromised had led users to send their BTC to one address, but the funds have now reportedly been moved to a different address.
The blockchain analytics company Whitestream has identified three different transactions from that address to these traditional cryptocurrency exchanges. One involved a transfer of 1.2 BTC in May, while the last two transactions were carried out two days before the Twitter debacle.
Cointelegraph has also reported that Binance, Coinbase, and BitGo may have information that could identify who is behind the incident. Cointelegraph contacted Binance’s CZ to find out whether Twitter had released details about how the malicious actors gained control of the company’s account and his personal profile. CZ confirmed that there was no information from Twitter as to who was responsible for the attack.
Looking at the incident from an ideological perspective, CZ believes the hack does not necessarily reflect badly on Bitcoin, and shows that the cryptocurrency is inherently valuable. On the other hand, according to CZ, it is difficult to argue against the idea that the hack reflected poorly on Twitter and its internal security system, which should lead to improvements:
“We believe that this is a good wake-up call for all social media platforms to renew their security practices in the face of the increasing introduction of cryptocurrencies. Social media platforms are no longer just a place to share a selfie, but can be and are used for financial transactions and even crime, and more security needs to be built on these platforms.”
CZ highlighted the reality that many social media platforms don’t even offer two-factor authentication (2FA) options. Until recently, this was the case on Twitter, but even the introduction of 2FA has been made redundant by other security options that bypass its effectiveness:
“Twitter added the 2FA feature not too long ago, but its implementation is flawed, giving an attacker the ability to deploy brute force to an account and block the original account holder. Even if the 2FA and email If the address is reset, the purpose of 2FA will be nullified. I tweeted about it less than a month and a half ago.”
If the hack was carried out through Twitter's backend management system, CZ suggested that Twitter and other social media platforms must “quickly move to a trustless security architecture where even internal employees cannot do this type of account entry”.
CZ believes that this hack highlights what he called an “inherent flaw in a centralized web”, which, unfortunately, has involved Bitcoin as a tool for stealing funds. The CEO of Binance does see something positive coming out of the high-profile event, since attention is now being paid to solving the problem: “This is something we, the players in the cryptocurrency industry, have been asking for a long time and it will finally get real attention.”
A reminder of good cyber security measures
Cyber security company Kaspersky also weighed in on the recent series of events in conversation with Cointelegraph. Blair Dunbar, the communications officer for Kaspersky Threat Investigation and Security Intelligence, told us that the company can only draw conclusions from the facts that have been publicly confirmed:
“Twitter wrote that several of its employees were victims of the attack. This indicates that criminals have attempted to access the platform infrastructure through their accounts. In addition, the fact that criminals had instant access to such a large number of accounts indicates that something was compromised in the internal system.”
According to Dunbar, the motive behind the attack appears to have been financial gain, which points to a criminal group. The company believes that a nation state would have used the access to collect “private information like DMs from people of interest” instead of taking control of the accounts of well-known companies like Uber, Apple and the various compromised trading accounts.
While the situation was negative for both Bitcoin and Twitter in terms of public perception, Dunbar believes that this doesn’t necessarily mean that the cryptocurrency is only used as a vehicle for hackers: “Any criminal can misuse cryptocurrency for their own malicious purposes, but that doesn’t mean the cryptocurrency is to blame.” Dunbar also thinks Twitter will recover from the incident: “As for Twitter, they should work to regain the trust of their users. Still, they seem to take this bump very seriously.”
According to Dunbar, the situation is a clear reminder that users of social media platforms and online tools should be aware of the threat posed by hackers and nefarious organizations and take appropriate security measures. Above all, users should “be skeptical, even if this information comes from a supposedly reliable source”.
In the same way, CZ reminded the public to exercise caution when it comes to giveaways, donations and online projects: “This is also an opportunity to educate the masses and an important step for people to learn not to fall for online scams, even if their favorite idol asks them to donate or transfer money.”