Twitter experienced an unprecedented hack on Wednesday when bitcoin scammers sent a series of tweets from the official accounts of Apple, Uber, Joe Biden, Elon Musk and hundreds of others, reaping more than $100,000 and raising security questions for the social media platform.
Appearing across multiple accounts in a matter of minutes, the various tweets promised users the account holders would double donations from anyone who sent funds to a bitcoin address.
According to Blockchain.com, more than $100,000 was received at that address about an hour after the first hack, which appears to have tricked at least 313 users.
Some of those tweets were deleted, presumably by the accounts’ real owners, only for similar ones to reappear shortly after, suggesting that hackers continued to control the accounts.
Twitter told users that they “may be unable to Tweet or reset your password while we review and address this incident”. Its shares fell more than 4 per cent in after-hours trading.
One typo-laden tweet from the account of Mr Musk, chief executive of Tesla, said: “Feeling greatful, doubling all payments sent to my BTC address. You send $1,000 and I will send $2,000 back!”
Mr Gates’ account posted a similarly worded tweet. A later tweet from Mr Musk’s account, since deleted, told users he had already paid out $45,000.
Apple, whose verified Twitter account @Apple has never sent a message since its creation in September 2011, tweeted: “We are giving back to our community. We support Bitcoin and we believe you should too!”
Twitter has worked on bolstering security features, including its two-factor authentication, particularly after the account of Jack Dorsey, its chief executive, was hacked last year. The company said at the time that its systems had not been compromised but that Mr Dorsey’s mobile provider had a security flaw, which allowed hackers to send tweets via text message.
But the scale of Wednesday’s attack, targeting the largest number of high-profile users to date, raises serious questions about the hackers’ capabilities, and whether the fault lies with Twitter or elsewhere.
Twitter said in a tweeted statement: “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”
Cryptocurrency scams have long existed on Twitter and other social media platforms, often impersonating well-known figures and encouraging users to send money to anonymous addresses.
The hacked accounts included at least three of the world’s richest people — including Jeff Bezos, Amazon founder, as well as Microsoft’s Mr Gates and Tesla’s Mr Musk — plus former President Barack Obama and Democratic presidential nominee Mr Biden. Others that were hacked include rapper Kanye West, and numerous cryptocurrency exchanges and high-profile crypto industry figures.
The Biden campaign said Twitter locked down the account “immediately following the breach” and removed the tweet. “We remain in touch with Twitter on the matter,” the campaign added.
The companies involved were scrambling to respond.
Uber acknowledged the hack on Twitter, saying: “Like many others, our account was hit by a scammer today. The tweet has been deleted and we’re working directly with @Twitter to figure out what happened.”