{"id":9287,"date":"2020-07-16T21:13:44","date_gmt":"2020-07-16T18:13:44","guid":{"rendered":"https:\/\/forklog.media\/?p=9287"},"modified":"2020-07-16T22:59:22","modified_gmt":"2020-07-16T19:59:22","slug":"hack-of-the-decade-shameless-bitcoin-scam-or-something-much-more-sinister","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hack-of-the-decade-shameless-bitcoin-scam-or-something-much-more-sinister\/","title":{"rendered":"Hack of the Decade: Shameless Bitcoin Scam or Something Much More Sinister?"},"content":{"rendered":"<p>Yesterday, anonymous attackers hacked the Twitter accounts of Binance CEO Changpeng Zhao, Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, Barack Obama, Uber, Apple, and many others. They used these accounts to post fraudulent messages promoting the distribution of 5,000 BTC on behalf of a rogue site, Cryptoforhealth.<\/p>\n<p><!--more--><\/p>\n<p>Despite hacking a score of the highest-profile celebrity and corporate accounts, the hackers were able to swindle the public out of only a bit over a dozen Bitcoins. Yet as the dust settles, the world is about to realize the far more dire implications of this Twitter hack.<\/p>\n<h2><b>Preamble<\/b><\/h2>\n<p>This type of scam is certainly not new, but it has become increasingly popular in recent months. 
Crypto-related Telegram channels are bombarded by screenshots of fake Twitter messages promoting similar giveaway scams.<\/p>\n<p><a href=\"https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/\u041d\u043e\u0432\u044b\u0439-\u0442\u043e\u0447\u0435\u0447\u043d\u044b\u0439-\u0440\u0438\u0441\u0443\u043d\u043e\u043a-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9295 size-full\" src=\"https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/\u041d\u043e\u0432\u044b\u0439-\u0442\u043e\u0447\u0435\u0447\u043d\u044b\u0439-\u0440\u0438\u0441\u0443\u043d\u043e\u043a-1.png\" alt=\"Hack of the Decade: Shameless Bitcoin Scam or Something Much More Sinister?\" width=\"477\" height=\"723\" srcset=\"https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/\u041d\u043e\u0432\u044b\u0439-\u0442\u043e\u0447\u0435\u0447\u043d\u044b\u0439-\u0440\u0438\u0441\u0443\u043d\u043e\u043a-1.png 477w, https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/\u041d\u043e\u0432\u044b\u0439-\u0442\u043e\u0447\u0435\u0447\u043d\u044b\u0439-\u0440\u0438\u0441\u0443\u043d\u043e\u043a-1-198x300.png 198w, https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/\u041d\u043e\u0432\u044b\u0439-\u0442\u043e\u0447\u0435\u0447\u043d\u044b\u0439-\u0440\u0438\u0441\u0443\u043d\u043e\u043a-1-310x470.png 310w\" sizes=\"auto, (max-width: 477px) 100vw, 477px\" \/><\/a><\/p>\n<p>Scammers even <a href=\"https:\/\/www.reddit.com\/r\/Bitcoin\/comments\/hq9chn\/how_does_this_get_approved_as_an_ad_on_youtube\/\">managed<\/a> to pull off buying YouTube ads with these messages.<\/p>\n<p>Until recently this scam remained comparatively small scale. Then the hackers hit Twitter.<\/p>\n<h2><b>Twitter\u2019s Unraveling<\/b><\/h2>\n<p>On July 15, an anonymous group actually hacked a large number of celebrity Twitter accounts and made fake Bitcoin giveaway posts. The exact tally of all affected accounts is not yet available. 
Among the victims were the world\u2019s most famous entrepreneurs, Musk and Bezos; key Democratic Party members Biden, Obama, and Bloomberg; and global companies like Apple, Uber, and Binance.<\/p>\n<p>Most messages followed the same pattern and even the same wording, asking followers to send any amount of Bitcoins to a provided address to receive double the amount back. Obviously, no Bitcoins were ever sent back.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/Snimok-ekrana-2020-07-16-v-00.00.30-1024x758.png\" \/><\/p>\n<p>At the moment, the Twitter team, which responded to the hack with a noticeable delay, knows little.<\/p>\n<p>According to Chainalysis, the attackers\u2019 main address received about 12.86 BTC (over $120,000) over the course of 375 transactions. Two additional addresses received very modest donations, while nothing was sent to the XRP account.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">[THREAD] Here&#39;s what we know so far about today\u2019s <a href=\"https:\/\/twitter.com\/hashtag\/Twitterhack?src=hash&amp;ref_src=twsrc%5Etfw\">#Twitterhack<\/a>  &amp; <a href=\"https:\/\/twitter.com\/hashtag\/Bitcoinscam?src=hash&amp;ref_src=twsrc%5Etfw\">#Bitcoinscam<\/a>. As of now, the scam\u2019s main BTC address (bc1&#8230;0wlh) received ~$120k in donations in 375 transactions. No funds have been cashed out at exchanges yet. <a href=\"https:\/\/t.co\/Jg9og3CFCz\">pic.twitter.com\/Jg9og3CFCz<\/a><\/p>\n<p>&mdash; Chainalysis (@chainalysis) <a href=\"https:\/\/twitter.com\/chainalysis\/status\/1283576349630836737?ref_src=twsrc%5Etfw\">July 16, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The unluckiest victim of the scam parted with $40,000 worth of Bitcoins. According to Chainalysis, his wallet has interacted with Japanese exchanges in the past. 
The rest of the transactions came mainly from exchanges.<\/p>\n<p>Twitter was slow to react, and fraudulent posts were allowed to remain unredacted for hours. The exchanges took upon themselves the role of first responders and began blocking transfers to accounts used by the criminals.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\u201eKudos to Coinbase- I tried sending a small amount to the account after seeing Elon Musk&#39;s tweet, and Coinbase prevented the transaction from occurring.\u201c<br \/>Looks like other exchanges are doing the same. Underrated layer of defense<a href=\"https:\/\/t.co\/JAtWJAN9MF\">https:\/\/t.co\/JAtWJAN9MF<\/a><\/p>\n<p>&mdash; Hasu\u26a1\ufe0f\ud83e\udd16 (@hasufl) <a href=\"https:\/\/twitter.com\/hasufl\/status\/1283520877120937986?ref_src=twsrc%5Etfw\">July 15, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Whitestream analysts <a href=\"https:\/\/twitter.com\/whitestream5\/status\/1283674132211695616\">discovered<\/a> that the attackers&#8217; addresses had previously interacted with the Coinbase cryptocurrency exchange and the BitPay and CoinPayments services.<\/p>\n<p>As of now, the stolen funds are still in motion.<\/p>\n<h2><b>Ongoing Investigation<\/b><\/h2>\n<p>Twitter tech support is still investigating the hack. So far they have claimed that it was a coordinated attack that involved not only hacking but also social engineering.<\/p>\n<p><a href=\"https:\/\/twitter.com\/TwitterSupport\/status\/1283591846464233474\">https:\/\/twitter.com\/TwitterSupport\/status\/1283591846464233474<\/a><\/p>\n<p>Twitter employees with access to internal systems are said to have been victims of a coordinated social engineering attack. 
This allowed the attackers to take control of many accounts, including verified ones.<\/p>\n<p>The Block analyst Larry Cermak threw together a timeline of the attack, which allowed him to conclude that only one Twitter employee was likely the victim of the hack.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">I also made a timeline. The interesting thing here is the large gap between the first attack and then the second. And then also that none of the hacks overlap, which suggests that the hacker was actually manually doing it through one employee panel (not multiple) <a href=\"https:\/\/t.co\/eeKp9x9US5\">pic.twitter.com\/eeKp9x9US5<\/a><\/p>\n<p>&mdash; Larry Cermak (@lawmaster) <a href=\"https:\/\/twitter.com\/lawmaster\/status\/1283743155750404099?ref_src=twsrc%5Etfw\">July 16, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Twitter CEO Jack Dorsey has promised to release the full details as soon as Twitter figures out how the hack was possible.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Tough day for us at Twitter. We all feel terrible this happened.<\/p>\n<p>We\u2019re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. 
<\/p>\n<p>\ud83d\udc99 to our teammates working hard to make this right.<\/p>\n<p>&mdash; jack (@jack) <a href=\"https:\/\/twitter.com\/jack\/status\/1283571658339397632?ref_src=twsrc%5Etfw\">July 16, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2><b>Conspiracy Theories<\/b><\/h2>\n<p>Vice <a href=\"https:\/\/www.vice.com\/en_us\/article\/jgxd3d\/twitter-insider-access-panel-account-hacks-biden-uber-bezos\">reports<\/a> that an anonymous whistleblower has told Motherboard in a candid interview that Twitter is still unsure whether their employee was a victim of a social engineering attack or helped the hackers of his own accord.<\/p>\n<p>The implication that it could be an inside job feeds into Kim Dotcom\u2019s old \u201cbackdoor mantra\u201d.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Your computer has a backdoor<br \/>Your phone has a backdoor<br \/>Your bank has a backdoor<br \/>Your life has a backdoor<\/p>\n<p>Thanks to the U.S. Government \ud83d\ude18<\/p>\n<p>&mdash; Kim Dotcom (@KimDotcom) <a href=\"https:\/\/twitter.com\/KimDotcom\/status\/960960064621223936?ref_src=twsrc%5Etfw\">February 6, 2018<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The Twitter hack, <a href=\"https:\/\/twitter.com\/kimdotcom\/status\/1283578441187471360?s=21\">in his opinion<\/a>, vindicated his conspiracy theory as it reveals that \u201cthere are government backdoors with god mode that can be abused\u201d. 
This means evidence from email, smartphones, and social media is no longer reliable in court because it can be edited.<\/p>\n<h2>The Real Danger Behind the Hack<\/h2>\n<p>Some experts were quick to point out that the level of access available, albeit temporary, to the hackers basically allowed them to enter God mode with all possible implications.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">You know what the real news is from this incident?<\/p>\n<p>Someone appears to have root level access to Twitter. They OWN this platform. They are in GOD MODE. They can do ANYTHING they want on it.<\/p>\n<p>And their top choice is to trick you into parting with your precious bitcoin.<\/p>\n<p>&mdash; Jameson Lopp (@lopp) <a href=\"https:\/\/twitter.com\/lopp\/status\/1283507177370640385?ref_src=twsrc%5Etfw\">July 15, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">It will be a while until we understand exactly what happened and what will be the implications. It could be compromised DMs used to extort large accounts. Or it could be something else. What&#39;s clear though is that if this could happen once, it could easily happen again.<\/p>\n<p>&mdash; Larry Cermak (@lawmaster) <a href=\"https:\/\/twitter.com\/lawmaster\/status\/1283696821076975616?ref_src=twsrc%5Etfw\">July 16, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Twitter is still trying to figure out the real amount of damage the hackers may yet cause, having attained access to private information and the message history of its users. 
The Bitcoin giveaway scam could be only a distraction, and the attackers&#8217; true goal could very well be precious private data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Yesterday, anonymous attackers hacked the Twitter accounts of Binance CEO Changpeng Zhao, Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, Barack Obama, Uber, Apple, and many others. They used these accounts to post fraudulent messages promoting the distribution of 5,000 BTC on behalf of a rogue site, Cryptoforhealth.<\/p>\n","protected":false},"author":6,"featured_media":9289,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[43,549,40],"class_list":["post-9287","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-hackers","tag-scam","tag-twitter"],"aioseo_notices":[],"amp_enabled":true,"views":"987","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9287","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/com
ments?post=9287"}],"version-history":[{"count":4,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9287\/revisions"}],"predecessor-version":[{"id":9296,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9287\/revisions\/9296"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/9289"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=9287"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=9287"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=9287"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}