Today the biggest hack in the history of Twitter shocked everyone when some of the most popular verified Twitter accounts were hacked to promote a Bitcoin scam.
Many didn't notice, but it all started with the Twitter account of famous crypto influencer AngeloBTC, approximately 1 hour before the Binance tweet. AngeloBTC posted that he would be starting a paid Telegram group priced at 0.1 BTC.
Soon after, at 12:43 AM, the official Binance Twitter account was hacked and posted a link to the scam website “CryptoForHealth.com”, claiming to give away free bitcoins. This was the start of the coming storm. CZ (CEO of Binance) immediately tweeted a warning to users not to click the website link posted in the Binance tweet. Later, however, his account was compromised as well.
This marked the start of the hacking of multiple popular Twitter accounts, including Barack Obama, Wiz Khalifa, Gemini exchange, Coindesk, Justin Sun, Kim Kardashian, Kucoin, Crypto Bitlord, Bitfinex, Bitcoin.org, Tron, Litecoin creator Charlie Lee, Amazon founder Jeff Bezos, Joe Biden, Elon Musk, Cash App, Bill Gates, Apple, Mike Bloomberg, Uber, Floyd Mayweather, even Kanye, MrBeastYT and Ripple. Soon after Twitter blocked the domain cryptoforhealth.com from being posted on the platform, the hacker started to post the bitcoin address directly. Below are screenshots of a few of the tweets. All of the tweets have now been deleted by Twitter.
Once a user visits the scam site CryptoForHealth.com, he sees a message claiming to double any bitcoin sent to the listed bitcoin address. The site also claimed that it had partnered with Huobi, Kucoin, Gemini, Binance, Coinbase, Trezor to give back to the community in these tough times of COVID-19. The website has been taken down after being reported, but we got a screenshot of it.
We have also tracked the WHOIS information of the domain cryptoforhealth.com. The name used to register the domain was Anthony Elias, Country US, Phone No. +1 3185553332, and Email id. firstname.lastname@example.org, though all of these details seem to be fake. The WHOIS information is now hidden. The domain was registered on 15-07-20, just before the Twitter hack.
After much of the damage was done, Twitter Support stepped in at 3:15 AM and started taking action to stop the hack. Twitter blocked the website address, then the bitcoin address, and finally blocked every verified Twitter account and important crypto accounts from tweeting.
You may be unable to Tweet or reset your password while we review and address this incident. We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience. Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible.
Twitter Support
Later, Twitter Support tweeted about its investigation and revealed that some of its employees with access to internal systems and tools had been targeted.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it. Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this. This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do. We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
Twitter Support
We have detected 4 different addresses used by the hacker on various Twitter accounts to scam users into sending funds.
- bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh: This is the most used bitcoin address, posted on the majority of the hacked Twitter accounts. This address has a total of 377 transactions with a total of 12.8659 bitcoin received.
- bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w39l: This bitcoin address was used on the Kim Kardashian account when Twitter blocked the previous address. This address has a total of 38 transactions with a total of 0.553 bitcoin received.
- 1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF: This bitcoin address was used to scam AngeloBTC followers (unconfirmed). This address has a total of 54 transactions with a total of 14.7588 bitcoin received, but we have noted that many of these are old transactions.
- rhYSX8qSpoU7Dwjh6vMSuACu8MBECn6bQR: This Ripple address was posted to the Ripple Twitter account. We are unable to track this address.
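The article describes Twitter blocking the scam domain first and the bitcoin addresses only after the hacker switched to posting them directly. As an added illustration (not Twitter's actual filtering code), the sketch below holds a post for review when it names a blocked domain or contains a native SegWit (bc1...) address whose bech32 checksum verifies, so the filter does not depend on knowing each new address in advance. The function names are hypothetical, the sample posts are constructed, the sample address is the BIP-173 specification's test vector rather than one from the incident, and the legacy and Ripple address formats in the list above are not covered.

```python
import re

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"      # bech32 alphabet (BIP-173)
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
BLOCKED_DOMAINS = {"cryptoforhealth.com"}           # domain named in the article
CANDIDATE = re.compile(r"\bbc1[0-9a-z]{11,87}\b", re.IGNORECASE)
HOSTNAME = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def bech32_checksum_ok(addr):
    """True if addr is a mainnet ('bc') bech32 string with a valid checksum."""
    if addr != addr.lower() and addr != addr.upper():
        return False                                # mixed case is invalid
    addr = addr.lower()
    data = addr[3:]
    if not addr.startswith("bc1") or any(c not in CHARSET for c in data):
        return False
    values = [ord(c) >> 5 for c in "bc"] + [0] + [ord(c) & 31 for c in "bc"]
    values += [CHARSET.index(c) for c in data]
    chk = 1
    for v in values:                                # BCH polymod from BIP-173
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk == 1


def scan_post(text):
    """Return a sorted list of reasons to hold this post for review."""
    reasons = set()
    for m in HOSTNAME.finditer(text):
        host = m.group(0).lower()
        if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
            reasons.add("blocked-domain")
    for m in CANDIDATE.finditer(text):
        if bech32_checksum_ok(m.group(0)):          # drops random bc1-like text
            reasons.add("btc-address")
    return sorted(reasons)


# Constructed sample posts; the address is the BIP-173 test vector.
SAMPLE_POSTS = [
    "Giving back to the community! Details at www.CryptoForHealth.com",
    "All BTC sent here is doubled: bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",
    "Native SegWit addresses start with bc1 and carry a checksum.",
]
if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(scan_post(post), "|", post)
```

Checking the checksum rather than only the `bc1` prefix keeps mistyped or random look-alike strings from triggering the hold.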
Some photos are circulating on social media claiming that the hacker had access to Twitter's employee login panel. Twitter Support has also indicated as much.
We are still gathering more details about the hack and will be posting another article soon. For instant updates, you can join us on Telegram @hodlertvindia