Dozens of verified Twitter accounts belonging to high-profile individuals, including former US President Barack Obama, and entrepreneurs and philanthropists like Elon Musk and Bill Gates, were hacked on July 15. The wide-scale assault seemed to be designed to launch a cryptocurrency scam that may have accrued over $100,000 in minutes.

While such schemes on Twitter are nothing new, never have such a high number of prominent accounts been taken over simultaneously. In order to halt the bitcoin scam’s progress, in an unprecedented step, the social networking service suspended all outgoing tweets from the verified accounts for around 30 minutes. As an additional step, Twitter also blocked several attempts to reset passwords for the accounts.

The tweets issued from the accounts varied, with the one issued by Obama informing users they could double their cryptocurrency from $1,000 to $2,000 over a 30-minute period. In a current trend used in recent online scams, the tweet offers the reason for the generous returns as “I am giving back to my community due to Covid-19.”

A coordinated attack using social engineering

Several of the victims impacted by the hack have stated they employed a multifactor authentication process to safeguard their accounts, however the advanced security feature proved ineffectual. This being the case, combined with the massive volume of accounts hacked, suggests that the problem lies with Twitter itself rather than individual users. A spokesperson for the social media company commented that Twitter was “investigating and taking steps” in order to address what had occurred.

An early investigation by Twitter revealed a “coordinated social engineering attack” had successfully targeted and tricked its employees.

The company recounted some of its findings, stating:

“We know they used this access to take control of many highly visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

Twitter added it had taken significant measures to limit access rights to tools and internal systems during its investigation.

Wider implications of the Twitter attack

While on the surface the hack appears to form part of a cryptocurrency scam, the operation could potentially have more serious motives. A hacker who is able to tweet from a verified account may also have the access to read the user’s confidential direct messages.

This is not the first time the Twitter accounts of major figures have been accessed without authorisation. In 2020, the founder of Twitter, Jack Dorsey, himself was hacked, and one of the most notorious social media hacks in recent years occurred in 2013 when the verified Twitter account for the Associated Press was infiltrated. Hackers using the account sent tweets describing multiple explosions taking place at the White House and caused chaos for the stock market, which temporarily plummeted.

Along with high-profile user takeovers, cryptocurrency-related accounts were also heavily targeted in the Twitter hack, including trading platforms such as Binance, Gemini and Coinbase.