The hack asked for bitcoin donations.
A number of high-profile Twitter accounts were simultaneously hacked on Wednesday by attackers who used the accounts — some with millions of followers — to spread a cryptocurrency scam.
@bitcoin, @ripple, @coindesk, @coinbase and @binance were among the accounts hacked with the same message: “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community,” followed by a link to a website, which we are not linking to.
The scammer’s website was quickly pulled offline. Kristaps Ronka, chief executive of Namesilo, the domain registrar used by the scammers, told TechCrunch that the company suspended the domain “on the first report” it received.
Top comments (14)
I'm going to be curious to see how this unfolds!
As this Verge article describes, Gemini was hacked but they had both strong passwords + 2FA enabled! So, it'll be interesting to see how that account was compromised despite that.
If scammers used employees "internal tools" and were able to impersonate anyone on Twitter, what's more scary to me is how powerful Twitter employees are.
Developers are able to impersonate others... in a production environment ... on Twitter! That sounds like a scary lack of basic security boundaries.
According to this article by Vice, it was an employee who either got paid or hacked.
This allowed the hackers to intercept the 2fa and password reset token, allowing them to change the password and give themselves access to the accounts.
The latest official developments can be found on the official TwitterSupport account, as long as this one isn't compromised!
That's insane! The developers over at Twitter must be panicking, hope they manage to figure out a solution/fix soon 🙏
Well, it's nice to know there's a reason they employ so many developers over there -
I'm surprised some of these tweets stayed online as long as they did, especially the ones that came later in the hack.
I assume this was a password breach, but I'm not sure if there's more info yet.
As I've read, it was a bug in one of their APIs.
I don't think the "hacker" had any access to their actual accounts
I wonder what this hacker will end up making (it should be publicly visible, right?) vs. what they could have taken home with an ethical security disclosure.
Via this source Twitter has paid out $1.3m to date, with $20k as the top bounty payout.
Here's a thread from Twitter support about what happened: twitter.com/TwitterSupport/status/...
As bad as all of this is, we gotta tip our hats to those scammers. What they did was nothing short of impressive. 🤔
I think this is the only time Apple has tweeted from its official account.
When I saw the tweet from Elon Musk it just seemed like a perfectly normal thing for him to say on Twitter tbh