The whole story of hackers taking over Twitter: The dumbest scam ever used to get $110,000 in Bitcoin

The attack started with big names and well-known companies in the blockchain industry, such as Gemini, Coinbase, Binance CEO Zhao Changpeng, Tron founder Sun Yuchen, and blockchain media CoinDesk.

Text | Huang Xuejiao Operation | Gai Yao Editor | Hao Fangzhou

Produced by | Odaily Planet Daily

At around 3 a.m. on July 16, 2020, Beijing time, researchers from the CertiK security team detected that the accounts of several political and business celebrities on Twitter had been stolen, and they were posting Bitcoin phishing information one by one.

The attack started with big names and well-known companies in the blockchain industry, such as Gemini, Coinbase, Binance CEO Zhao Changpeng, Tron founder Sun Yuchen, and blockchain media CoinDesk.

It then went viral, with names including Bill Gates, Amazon founder Jeff Bezos, Tesla CEO Elon Musk, Bloomberg, famous singer Kenye West, former US President Barack Obama and former Vice President Joseph Biden, and even Apple's official Twitter account being affected.

The attack method is to post the same promotional information on the hacked account, saying that anyone who sends Bitcoin to a certain Bitcoin account will get double the return, and the activity is limited to participation within 30 minutes.

As for the source of the vulnerability, no reliable clues have been found yet. But Richard Ma, founder of Quantsamp, speculated, "Based on the information we have collected so far, this is an internal Twitter security vulnerability. Hackers were able to compromise Twitter and gain access to internal administrator functions."

After 4 hours of waiting, these phishing addresses finally received more than 12 bitcoins, with a total value of more than $110,000 at current prices.

According to the latest observations from cryptocurrency tracking company Chainalysis, these defrauded bitcoins are already "on the move."

Chainalysis is monitoring four wallets associated with the attack. The main address received $120,000 in Bitcoin from 375 transactions; another address received $6,700 in Bitcoin from 100 transactions; and an XRP wallet received nothing. So far, an unrelated wallet has received a total of 5 Bitcoins ($46,055).

A Japanese wallet that sent $40,000 in Bitcoin to the scammers appears to be the biggest victim of this incident. In addition, no BTC has yet been cashed out for fiat.

More than an hour after the hack, Twitter took action to block verified accounts from posting tweets.

The phishing messages were subsequently deleted, and Twitter said several verified Twitter accounts have now been restored and most accounts can (now) send tweets again.

As the largest exchange in the United States, Coinbase uses internal operations to block any transactions attempting to pay scammers' addresses, which undoubtedly protects user security to a certain extent.

The vulnerability now appears to be fixed and the damage is being contained, but the impact goes far beyond that.

Twitter shares fell 4% in after-hours trading (over-the-counter) as a result of the attack.

This attack is not an isolated case. Twitter accounts are hacked and stolen every year. In addition, the previous incident of 30 million user account information being leaked shows that the system of Twitter, a social empire, is vulnerable at some level.

EOS founder BM took the opportunity to complain, “…This is the same as every speech I’ve made on the value of blockchain and hardware keys. It’s time for Twitter to adopt blockchain.”

In addition, some people worry that this incident will link Bitcoin with fraud and hackers, thereby "stigmatizing" it.

Crypto analyst Joseph Young said with frustration that this is the worst thing I have found since March 13. This is an absolute shame. Before this problem is solved, don't believe anything anyone posts on this platform, and don't send any bitcoins to anyone.

But some also believe that, for better or worse, the attack has actually brought attention and clicks to Bitcoin.

Of course, this kind of world news cannot be without Sun Yuchen. After the attack, Sun Yuchen quickly took action on Weibo, offering a reward of one million US dollars to catch the mastermind behind the Twitter hack.