A massive hack of Twitter accounts has seen dozens of high-profile accounts compromised and tweeting a Bitcoin scam. Some of the accounts affected include those belonging to Bill Gates, Elon Musk, Barack Obama, Kanye West, Jeff Bezos, Joe Biden, Warren Buffett, and cryptocurrency exchanges Coindesk, Binance, and Gemini. Ride-sharing service Uber's account was also affected, as were a huge number of other verified accounts, from trivia accounts to those of prominent streamers.
What happened? — Rumors that began circulating in the information security sector shortly after the scam tweets appeared suggest that a Twitter employee with access to the user management panel was targeted. "That would explain why none of the tweets appear to be coming from a 3rd party app and even affected accounts with 2FA," journalist Mikhael Thalen said in a tweet.
"We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly," Twitter said in a statement from its official support account at 5:45 PM ET.
The support account later added that users might be unable to tweet or reset their passwords while the issue was being investigated. For a time, that meant no verified users (those with the blue tick next to their name) could tweet. Verified accounts could, however, continue to retweet posts.
Unprecedented scale — While Bitcoin scams aren't new, one of this scale is, and Twitter must be scrambling not only to undo the damage and figure out how the accounts were compromised, but how to ensure it doesn't happen again, especially to such high-profile accounts, which collectively reach hundreds of millions of users. This is likely the largest security breach in Twitter's history.
The scammed have no recourse — Some Twitter users will, inevitably, be taken in by the scam, and those that are won't have any recourse, because it's impossible — by design — to reverse a Bitcoin transaction. Bitcoin transactions can't be reversed or canceled as a compromised credit card can. The only way to get Bitcoin back is if the account it's sent to voluntarily sends it back.
Fortunately, however, the average internet user probably doesn't know how to send a Bitcoin payment, and likely doesn't hold any of the world's best-known cryptocurrency.
A widespread attack — One of the more amusing parts of the hack was that Apple's Twitter account fell victim, too. The account has never been used for any actual Apple content. Apple (or Twitter) rectified the situation swiftly, though, and the tweet was removed from the company's account within minutes. The tweets on Kanye West's and Jeff Bezos's accounts were similarly swiftly removed. Bill Gates' account appeared to be compromised twice, with the initial tweet removed, then replaced with a duplicate, before being deleted again. Elon Musk's, meanwhile, was compromised at least three times in quick succession.
Follow-up tweets — Some compromised accounts, like that of former New York Mayor and former presidential hopeful Michael Bloomberg, tweeted follow-ups to the scam posts claiming to have distributed money (in Bloomberg's case, $40,000) to further encourage people to fall for the scam. The same follow-up post appeared on Barack Obama's account for a time.
The scale of the scam — Because part of the backbone of Bitcoin is a distributed and publicly viewable ledger of all transactions, it's theoretically going to be possible to gauge the scale of the entire scam, which will likely run into tens of millions of dollars.
One notable exception — One of the few, big-name accounts that escaped the hack was that of U.S. President Donald Trump. Perhaps the President's account, like the man himself, gets special protective services. Or perhaps, as one Twitter user speculated, the Secret Service saw the mayhem unfolding and got his account swiftly to a bunker.