A coordinated Twitter hack is actively happening, impacting nearly all major crypto exchanges as well as famous founders/CEOs like Elon Musk, Bill Gates, Jeff Bezos and Pres. Obama.
Each affected account is promoting a COVID-related crypto giveaway scam, asking users to send bitcoin to a designated Bitcoin address on the promise that the account’s owner will double the amount. Based on blockchain records for the hackers’ address, victims have already sent these hackers $130k USD thus far.
Please see below for a comment from Satnam Narang, a longtime social media scam expert and researcher at Tenable. Satnam’s expertise covers a wide swath of unique financial scam operations on social media platforms, including TikTok, Instagram, Tinder, Twitter, Facebook, and more.
Satnam Narang, Staff Research Engineer at Tenable
Several notable Twitter accounts in the cryptocurrency space have seemingly been hacked in a mass coordinated attack, including exchanges like @Coinbase, @Binance, @Gemini, @KuCoin and @Bitfinex, CEOs and founders like @CZ_Binance, @JustinSunTron and @SatoshiLite, and cryptocurrency accounts like @TronFoundation, to promote a COVID-19 cryptocurrency giveaway scam.
The accounts tweeted that they “partnered with” a company called CryptoForHealth. The domain for this website was registered on July 15. The website itself claims that to help with the hard times endured by COVID-19, they’re partnering with several exchanges to provide a “5000 Bitcoin (BTC) giveaway”, which is a ruse for advance-fee fraud.
In separate but related attacks, the verified accounts of Bill Gates, Elon Musk, Kanye West and Uber were also compromised to promote a cryptocurrency giveaway. Their tweets used the same Bitcoin address we observed on the CryptoForHealth site, indicating that this is likely a coordinated attack.
The hackers ask users to send anywhere from 0.1 BTC to 20 BTC to a designated Bitcoin address and claim that they’ll double victims’ money.
This is a common scam that has persisted for a few years now, where scammers will impersonate notable cryptocurrency figures or individuals. What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams.
Because the tweets originated from these verified accounts, the chances of users placing their trust in the CryptoForHealth website or the purported Bitcoin address are even greater.
This is a fast-moving target and so far over $50,000 has been received by the Bitcoin address featured on the CryptoForHealth website and in Elon and Bill Gates’ tweets.
We strongly advise users never to participate in so-called giveaways or opportunities that claim to double your cryptocurrency because they’re almost always guaranteed to be a scam.
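The comment above describes two things a defender can operationalize: the textual signature of a "send BTC, get double back" giveaway and the fact that one shared Bitcoin address across unrelated verified accounts is what marked the incident as coordinated. The following is an added illustration of that triage logic, written for this page; it is not code from Tenable or Ping Identity. The sample tweets, account handles and Bitcoin addresses are all constructed placeholders, and the address and phrase patterns are deliberately simple heuristics (legacy base58 and lowercase bech32 formats only) meant for a first-pass filter, not a precise validator.

```python
import re
from collections import defaultdict

# Constructed sample tweets modelled on the scam pattern described above.
# Handles and addresses are placeholders, not real accounts or real addresses.
SAMPLE_TWEETS = [
    {"account": "@ExchangeA",
     "text": "We have partnered with CryptoForHealth! Send 0.1 to 20 BTC to "
             "1ScamAddrEXAMPLEonyDoNotSend and we will double it back. #giveaway"},
    {"account": "@FounderB",
     "text": "Feeling generous because of COVID-19. Send BTC to "
             "1ScamAddrEXAMPLEonyDoNotSend and I will send double back!"},
    {"account": "@FounderC",
     "text": "Giveaway time: send 0.5 BTC to bc1qexamplesecndscamaddrsszzzz "
             "and receive 1 BTC."},
    {"account": "@CompanyD",
     "text": "Our Q3 report is live. Thanks to everyone who joined the "
             "community call today."},
]

# Heuristic address matcher: lowercase bech32 (bc1...) or legacy base58 (1.../3...).
# This is a shape check only; it does not validate checksums.
BTC_ADDRESS_RE = re.compile(
    r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"
)

# Phrases typical of the "send X, get 2X back" lure.
GIVEAWAY_PHRASE_RE = re.compile(
    r"\b(?:double|doubled|doubling|giveaway|give away|2x)\b", re.IGNORECASE
)


def extract_btc_addresses(text: str) -> list:
    """Return every token in the text that has the shape of a Bitcoin address."""
    return BTC_ADDRESS_RE.findall(text)


def looks_like_giveaway_scam(text: str) -> bool:
    """Flag a post that both names a Bitcoin address and promises a doubling/giveaway."""
    return bool(extract_btc_addresses(text)) and bool(GIVEAWAY_PHRASE_RE.search(text))


def find_coordinated_campaigns(tweets: list, min_accounts: int = 2) -> dict:
    """Pivot on the shared address: map each scam address to the distinct accounts
    that posted it, and keep only addresses seen from at least `min_accounts`
    accounts. One address across several unrelated accounts is the signal that
    turns isolated scam posts into a coordinated compromise."""
    accounts_by_address = defaultdict(set)
    for tweet in tweets:
        if not looks_like_giveaway_scam(tweet["text"]):
            continue
        for address in extract_btc_addresses(tweet["text"]):
            accounts_by_address[address].add(tweet["account"])
    return {
        address: sorted(accounts)
        for address, accounts in accounts_by_address.items()
        if len(accounts) >= min_accounts
    }


if __name__ == "__main__":
    for tweet in SAMPLE_TWEETS:
        verdict = "SCAM" if looks_like_giveaway_scam(tweet["text"]) else "ok"
        print(f"{tweet['account']:<12} {verdict:<5} {extract_btc_addresses(tweet['text'])}")
    print("coordinated campaigns:", find_coordinated_campaigns(SAMPLE_TWEETS))
```

Run on the constructed feed, the third tweet is flagged as a scam but its address is only seen from one account, so only the address shared by @ExchangeA and @FounderB is reported as a campaign. In practice the address set from `find_coordinated_campaigns` is what you would hand to a takedown request or watch on-chain, as the comment above did when tracking funds received.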
Sharing insights from Ping Identity CCIO Richard Bird on what makes the crypto/Twitter hack so concerning, and speculating as to the root cause:
“The Twitter hack pumping a Bitcoin link is extremely troubling given the early reports that some of the accounts in question had multi-factor authentication (MFA) in use. MFA has been shown to be exploitable, but predominantly through social engineering methods.
That seems unlikely in this case, making a full disclosure from Twitter on the methods used by the bad actors all the more important.
The Twitter hack highlights how bad actors are using highly trafficked social media channels to wreak havoc. The news of this exploit is extremely concerning as it really focuses attention on the inherent weaknesses in Big Tech security, which has been a point of focus across the country as we head into a presidential election and as we navigate the challenges driven by the pandemic.
Disinformation and exploitation of supposedly trusted social media channels only amplifies the anxieties and concerns that consumers and citizens are already dealing with in this country and others.” — Richard Bird, Chief Customer Information Officer, Ping Identity