Social media giant Twitter has admitted that the company was a victim of a coordinated social engineering campaign where hackers colluded with and paid employees to access internal controls and tools. This allowed them to compromise high-profile accounts and abuse them for the bitcoin scam.
Hackers used social engineering to control internal security tools
Around 1500 Twitter employees can use internal controls to make changes to user accounts, such as resetting passwords or responding to content violations. The user account information these employees can access—IP address, email address, phone number—may seem limited, but these are vital pieces of information for hackers to misuse. They can use them to spy on or hack into user accounts and orchestrate more sinister campaigns. For instance, these tools were recently used to spy on celebrities by tracking their personal data and geographical locations based on the device IP address. Such intrusions overwhelmed the security team at Twitter, which struggled to keep track of these instances.
Cybercriminals launched a coordinated social engineering attack to access these tools. It is reported that the cybercriminals called up an employee to help them access the internal security tools. This employee looked up internal company resources and communication channels to provide the cybercriminals with the necessary information. According to Motherboard, the cybercriminals paid a Twitter staffer for the information that enabled them to breach security controls.
130 high-profile accounts were compromised
A wide range of high-profile Twitter accounts—including business leaders, politicians, and celebrities—were attacked to falsely tweet requests for bitcoin, promising double the amount deposited. The scam is estimated to have caused losses worth 12.58 bitcoin—nearly $120,000. Coinbase, a cryptocurrency exchange, claims that it blocked the hackers’ wallet to prevent further losses of nearly $280,000 from more than 1,000 customers sending in bitcoins.
It is reported that the cybercriminals had access to 130 accounts and successfully used 45 of them to take part in the bitcoin scam, tweeting requests for people to send bitcoins to a specified wallet address. According to Twitter, for 36 of these 130 accounts the hackers attempted to download the ‘Your Twitter Data’ archive, and they accessed the direct messages of eight accounts.
Twitter apologizes for falling behind on security measures
The concerns around a large number of employees and outsourced contractors being able to use internal security tools to access accounts were repeatedly raised with the company’s board between 2015 and 2019. However, the company failed to take corrective measures.
In his address after the incident, Jack Dorsey, the CEO of Twitter, admitted that the company “fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools.” He has apologized saying, “we feel terrible about the security incident that negatively affected the people we serve and their trust in us.”
This scam has exposed the vulnerability of social media platforms to increasingly frequent social engineering campaigns, which can cause incidents with global ramifications. It also highlights the threat that internal employees can pose to the security of an organization.
The article has been written by Neetu Katyal, Content and Marketing Consultant
She can be reached on LinkedIn.