The hack asked for bitcoin donations.
A number of high-profile Twitter accounts were simultaneously hacked on Wednesday by attackers who used the accounts — some with millions of followers — to spread a cryptocurrency scam.
@bitcoin, @ripple, @coindesk, @coinbase and @binance were among the accounts hacked with the same message: “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community,” followed by a link to a website, which we are not linking to.
The scammer’s website was quickly pulled offline. Kristaps Ronka, chief executive of Namesilo, the domain registrar used by the scammers, told TechCrunch that the company suspended the domain “on the first report” it received.
Top comments (15)
I'm going to be curious to see how this unfolds!
As this Verge article describes, Gemini was hacked but they had both strong passwords + 2FA enabled! So, it'll be interesting to see how that account was compromised despite that.
If scammers used employees "internal tools" and were able to impersonate anyone on Twitter, what's more scary to me is how powerful Twitter employees are.
Developers are able to impersonate others... in a production environment ... on Twitter! That sounds like a scary lack of basic security boundaries.
According to this article by Vice, it was an employee who either got paid or hacked.
This allowed the hackers to intercept the 2FA and password reset token, allowing them to change the password and give themselves access to the accounts.
The latest official developments can be found on the official TwitterSupport account, as long as this one isn't compromised!
I'm surprised some of these tweets stayed online as long as they did, especially the ones that came later in the hack.
I assume this was a password breach, but I'm not sure if there's more info yet.
That's insane! The developers over at Twitter must be panicking, hope they manage to figure out a solution/fix soon 🙏
Well, it's nice to know there's a reason they employ so many developers over there -
As I've read, it was a bug in one of their APIs.
I don't think the "hacker" had any access to their actual accounts.
I wonder what this hacker will end up making (it should be publicly visible, right?) vs. what they could have taken home with an ethical security disclosure.
Via this source Twitter has paid out $1.3m to date, with $20k as the top bounty payout.
Here's a thread from Twitter support about what happened: twitter.com/TwitterSupport/status/...
When I saw the tweet from Elon Musk it just seemed like a perfectly normal thing for him to say on Twitter tbh
I think this is the only time Apple has tweeted from its official account.