The personal Twitter accounts of Elon Musk, Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, and Warren Buffett, in addition to the official corporate accounts of Apple, Uber, and Cash, were hijacked for several hours July 15 in an apparent Bitcoin scam.
Most of the messages requested a transfer of Bitcoin with a promise of doubling all payments made within 30 minutes of posting.
“I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes… Enjoy!” read a fake tweet on Elon Musk’s Twitter account alongside a public Bitcoin wallet address.
“Everyone is asking me to give back, and now is the time,” read another fake tweet on Microsoft founder Bill Gates’s Twitter feed. “You send $1,000, I send you back $2,000.”
This audacious attack is yet another cyber moment for the “too good to be true” files. While the logical question might be, “Would Obama, Musk or Gates really do this?”, the follow-up question that makes this big news is, “What if this is legit?”
Social engineering works because humans are gullible–even the most jaded among us. The magnitude of the attack should give us pause. While it is possible the hackers figured out the login credentials of these extremely high-profile people, more likely is that Twitter itself was hacked. Either scenario should scare anyone out of anything but the most rigorous cybersecurity protocols–and one wonders if these accounts implemented two-factor authentication. It seems improbable that all the affected accounts skipped that effective layer of protection.
More serious here is the possibility of a similar attack on a trusted news or government source that falsely announced the death of a national leader or a national security issue. Remember the false nuclear attack alert in Hawaii? There could be more of the same and the result is a further destabilization of the truth in an environment where cries of “fake news” have already wreaked havoc.
It is thought that roughly 100 million Twitter users saw the Bitcoin-related tweets and that the scam hauled in more than $100,000 from 230 Bitcoin accounts within an hour of posting.
“It’s really unlikely that Bezos, Musk, and especially Biden all had credentials compromised,” Authy security advocate Kelley Robinson told NBC News.
Twitter announced that it was investigating the incident. In the meantime, always pause before sinking your jaws around offers way too good to be true. Never send money to anyone–not even people you know–just because they ask for it. And finally, never trust; always question; always verify.