Right now a major security event is occurring on Twitter, with major verified accounts on the service being used to propagate a Bitcoin scam.
So far we know the list of accounts to be:
- Elon Musk
- Bill Gates
- Jeff Bezos
- Kanye West
- Mike Bloomberg
- Joe Biden
- Uber
- Apple
- CashApp
- Binance
At first you’d think the account details must have been compromised, but security-minded, high-profile people like Musk and Gates are guaranteed to have MFA enabled on their accounts. Then, when we learnt of corporate accounts like Apple and Uber also posting the BTC scam, it became clear that usernames and passwords are not the entry point.
Since the posts started, we’ve also seen the scam posts, and only those posts, removed (we assume by Twitter or the account owner), only to be re-posted.
We’ve also observed that none of the accounts’ previous posts seem to have been deleted, so this all points to a pretty serious security issue with the Twitter platform.
The client used to post the fake tweets can sometimes give us hints that something like a legacy API (say, SMS) is being abused, but these are all being posted from the Twitter Web App.
If this is the case, changing your password won’t solve it; this will be up to Twitter to stop.
The Bitcoin scam is unfortunately working. The hackers have already collected 11.959 BTC in a matter of minutes. Based on the current value of Bitcoin (A$13,145.20), this has already earned them A$157,203.50, and the total is growing quickly.
You can watch the transactions to the unknown Bitcoin address here – https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh
Despite some of the Tweets being removed, they’re back again. This latest one from Elon Musk’s account comes almost an hour after the original post. This means the hackers still have the ability to post.