July 15, 2020 was not a good day for Twitter or for many of its high-profile users. On Wednesday evening, hundreds of verified Twitter accounts fell prey to a bitcoin scam. A hacker gained access to the accounts and began posting tweets saying that anyone who sent bitcoin to a given address would get twice the amount back, and that they were "doing this only for the next 30 minutes." Wondering how all those popular Twitter accounts got hacked? Let's find out.
Celebrities and billionaires were all "doubling your money"
The hacker managed to gain control of the official accounts of Bill Gates, Elon Musk, Apple, Uber, Jeff Bezos, Joe Biden, Kanye West, Wiz Khalifa, Kim Kardashian, Cash App, MrBeast, and dozens of other popular names. For a few hours, the hacker had a reach that could have caused far more damage than a scam. Instead, they chose to trick people into sending them bitcoin.
Even after Twitter regained control and deleted the tweets, many of the handles posted similar messages again. Twitter eventually locked the affected accounts temporarily so they could not send tweets or direct messages, although these handles were still able to retweet other accounts.
The bitcoin scam went on for about five hours, and the wallet promoted by the hacker received at least $100,000 across more than 300 transactions. Twitter Support lifted the restrictions around 9:30 PM ET on Wednesday.
How the Twitter accounts got hacked
Sources familiar with the matter shared details and screenshots of the hack with TechCrunch and Vice. A hacker going by the name Kirk had previously made a business of stealing vanity Twitter usernames and selling them for hundreds or thousands of dollars. On Wednesday, Kirk instead took control of hundreds of popular Twitter handles and asked their followers to send bitcoin.
According to TechCrunch, Kirk had gained access to an internal tool on Twitter's network. It is unclear how he got that access, but TechCrunch's sources believe he may have hijacked a Twitter employee's corporate account. The internal tool in question lets Twitter employees reset the email address associated with an account and make other changes. That capability is, in effect, account takeover: once the recovery address points at one the attacker controls, an ordinary password reset completes the job without ever touching the victim's credentials.
According to Twitter Support, someone who “successfully targeted some of our employees with access to internal systems and tools” carried out the “coordinated social engineering attack.” It’s also possible that the person using the Kirk nickname himself was a Twitter employee with access to all the internal tools needed to pull off this hack.
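The security-relevant lesson of the paragraphs above is that an internal support tool able to rewrite an account's recovery email needs its own monitoring, because one compromised operator session can mint takeovers at scale. The following is an added example, not code from the original article or from Twitter: a small detection that replays constructed admin-audit-log lines (the log format, operator names, and account handles are all invented here) and flags any operator who resets the email on an unusual number of accounts within a short window.

```python
"""Detection sketch (added example): flag an internal support operator who
resets the recovery e-mail on many accounts in a short time window.

The log format is hypothetical:
    <ISO-8601 timestamp> <operator> <action> <target account> [<detail>]
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. One normal operator (ops.alice) does routine work;
# a second operator's session (support.bob) churns through six accounts in
# two minutes, which is the pattern a mass takeover would leave behind.
SAMPLE_LOG = """\
2020-07-15T19:58:02Z ops.alice email_reset @smallshop new=owner@example.org
2020-07-15T20:01:15Z support.bob email_reset @verified1 new=x1@mail.example
2020-07-15T20:01:41Z support.bob email_reset @verified2 new=x2@mail.example
2020-07-15T20:02:03Z support.bob email_reset @verified3 new=x3@mail.example
2020-07-15T20:02:30Z support.bob email_reset @verified4 new=x4@mail.example
2020-07-15T20:02:55Z support.bob email_reset @verified5 new=x5@mail.example
2020-07-15T20:03:10Z support.bob email_reset @verified6 new=x6@mail.example
2020-07-15T20:10:00Z ops.alice suspend @spambot reason=tos
2020-07-15T21:45:00Z ops.alice email_reset @user77 new=me@example.net
"""

WINDOW = timedelta(minutes=10)   # sliding window length
THRESHOLD = 5                    # email resets per operator per window that alert


def parse_log(text):
    """Turn raw log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        events.append({"ts": ts, "operator": parts[1],
                       "action": parts[2], "target": parts[3]})
    return events


def find_bulk_resets(events, window=WINDOW, threshold=THRESHOLD):
    """Return {operator: sorted list of affected accounts} for every operator
    whose email_reset count inside any sliding window reaches the threshold."""
    per_op = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] == "email_reset":
            per_op[e["operator"]].append(e)

    alerts = {}
    for op, evs in per_op.items():
        hit = set()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                hit.update(x["target"] for x in evs[start:end + 1])
        if hit:
            alerts[op] = sorted(hit)
    return alerts


if __name__ == "__main__":
    for op, targets in find_bulk_resets(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {op}: {len(targets)} email resets in {WINDOW}: {targets}")
```

A real deployment would weight the count by account profile (verified status, follower count) and pair the alert with step-up authentication or a second-operator approval before the reset takes effect, rather than only reporting it afterwards; the sliding-window threshold here is just the detection half of that control.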