Many high-profile Twitter accounts were hacked today to spread a Bitcoin scam. The accounts included those of SpaceX CEO Elon Musk and Microsoft co-founder Bill Gates. The tweets (spotted by TechCrunch), which have now been removed by the users, claimed that the individuals were “giving back” or “doubling” the number of Bitcoins sent to the account.
Other accounts, such as those of Coinbase, CoinDesk, and Binance, were also compromised. According to TechCrunch, the scammers’ website was flagged by Cloudflare as a phishing site but was still accessible when clicked on. At the time of writing, the scammers’ site had already collected up to 2.8 Bitcoins, amounting to about $25,700. A spokesperson for Binance, a cryptocurrency exchange platform provider, told the publication that its security team is investigating the breach. Several other companies that the source reached out to did not respond to a request for comment.
It is currently not clear how the accounts were compromised. A statement by CoinDesk added that several of the hacked accounts had multi-factor authentication enabled, suggesting that the breach could have been made possible by a Twitter vulnerability. Additionally, the hackers reportedly took over the accounts completely, even changing the email addresses linked to those accounts, making it difficult to reset the passwords and take back control.
A Twitter spokesperson said that the microblogging website is “looking into” the matter. However, users are advised to be careful of any such messages from prominent Twitter users promising returns on Bitcoin donations.
Update: Twitter Support has posted a statement that reads:
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.