How Hackers took over Twitter to promote Bitcoin Scam

Like a horror movie, the crypto and the general twitter community watched as hackers coordinated the biggest hack ever seen in social media.

By · Jul 16, 2020 . 18min read

Photo by Clint Patterson on Unsplash

We recently published a real-time update of how hackers took over twitter to promote a bitcoin scam and now this post shows a comprehensive list of events that went on while the hack lasted.


15th July 2020 appeared just like a typical day for everyone, especially those within crypto space. Binance had only recently concluded its Binance Off the Charts, an online event marking its third anniversary. Still in the mood of thanks appreciating its sponsors, partners and community, little did anyone especially CZ, Binance CEO know a coordinated twitter hack carried out in a 9/11 style was well underway.

Just like a flash and in CZ’s prolific tweeting style, he alerted the twitter community about an ongoing bitcoin scam. Binance’s verified twitter handle had been hijacked and scammers posted a scam message luring people to contribute to a fake donation scheme.

The message read:

Hacker overtook Binance Twitter handle to post Bitcoin scam

CZ’s response promptly followed and was quickly hidden by the scammers. Twitter allows a user to hide responses they don’t want their followers to see.

CZ warning users that Binance twitter account is hacked

And just before anyone could realise what may be happening, CZ’s handle was also hijacked to post the scam message he asked twitter users to report.

Major Crypto Exchanges and Crypto Personalities follow

While everyone was still trying to make sense of what is happening, thoughts like could be an isolated incident or a coordinated attack, all hell broke loose. Top crypto exchanges twitter accounts capitulate. Coinbase, Gemini, Bitfinex, Kucoin and dominant crypto personalities like Justin Sun of TRON, Charlie Lee of Litecoin and others followed the list of twitter handles to be hacked.

Like a horror movie, the crypto and the general twitter community watched as hackers coordinated the biggest hack ever seen in social media. The hackers upon taking over any twitter account go-ahead to pin the scam tweet before they retweet with other high profile handles, the same message.

Gemini exchange twitter handle gets hacked to tweet scam

World’s Wealthiest figures soon followed

What was earlier seen as a horror soon turned out amusing as the world’s wealthiest men appear to be begging their followers using their twitter handles. Like a joke, Elon Musk, Bill Gates, Jeff Bezos, Kim Kardashian West were all hacked!

Kim Kardashian West Twitter gets hacked to tweet Bitcoin scam

If you have a verified Twitter account with the blue checkmark, we’re coming for you

It was now very clear. Anyone with a verified twitter handle is a target. In the past, hackers would try to impersonate an important twitter personality who obviously has a verified Twitter account. That was now a child’s play. No need for impersonation when you could just hijack the verified twitter account. Whether you were a person or an entity, that didn’t matter. As long as you had a verified twitter account and decent followership, you will most likely be hacked.

Notable personalities like Tobi Lutke, CEO of Shopify while anticipating his twitter handle fall tweeted to alert his followers.

Hacker did not spare Ex Presidents and VP

If personalities like President Barack Obama, the immediate past president of the United States with over 120 million followers and his VP who happens to be the presumptive nominee for the Democrats party could be hacked who else remained?

Hacker hacked Ex US President Barack Obama to tweet Bitcoin scam

It was apparent. Everyone was waiting for The Hack! Even though everyone was waiting for President Trump, who uses Twitter like no other president or public figure ever uses, it didn’t happen.

The matter came to the head with Twitter’s official handle and Jack’s account finally fell

Like a movie where you expect the final minutes to feature the toughest scenes, yesterday’s twitter hack didn’t fall short. Hackers promptly overran Twitter’s official handle immediately after posting a new product feature. One could only imagine the horror that may have transpired in Twitter’s situation room, when a Twitter staff monitoring the situation may have voiced the words “Olympus has fallen!” Apparently, co-founder and CEO Jack Dorsey, twitter’s leadership symbol also fell. And like a swoop, Twitter deleted the scam message on Jack’s handle was quickly barely before most people would notice.

Twitter issues a statement

It was at this point, twitter, with its verified support account, issued an official statement. Twitter It claims it detected what it believes to be a coordinated social engineering attack by people who successfully targeted some of its employees with access to internal systems and tools.

This thread has their explanation:

A possibly rattled Jack follows in the explanation spree

Divergent investigation by Vice suggests otherwise, claims Twitter hack to be an insider job

Vice publication who published even before Jack or the twitter team gave their explanation of the hack event claims it possesses documents proving these hackers were an insider job. It published screenshots of panel obtained from the hackers who claim they took over the accounts using an internal tool at Twitter. It also claims Twitter has been deleting these screenshots and has suspended users who tweeted them, claiming that the tweets violate its rules.

The Hack and the Heist

While the hack lasted, the scammers kept receiving funds using a particular Bitcoin wallet address. It received a total of 376 transactions amounting to about 12.68 BTC. And like a typical thief, majority of the funds received were moved into other address as explorer shows.

Major crypto evangelist, Andreas Antanoupolous explains how and why the hackers are using SegWit wallet to stage their heist.

He explains even further:

Crypto tracers; Elliptic and Chainalyisis swing to action, follows the money trail

Major crypto tracers like Elliptic and Chainalysis have waded in to lend their investigative powers to the situation. While Elliptic was quicker in their analysis of the situation, Chainlysis opened up on its difficulty to tweet about the situation due to twitter limiting most account from even tweeting bitcoin wallet address.

Apparently, some of the addresses that interacted with the scammer wallet were old wallets that have at one point in time transacted with regulated exchanges know for strict KYC verification.

Elliptic went further by explaining that the hackers used more than one wallet address and how the funds are being moved. Approximately half of the payments received in the hackers’ wallet originated from US-based exchanges, suggesting that around half of the victims of this scam are based in the US. The remainder is fairly evenly split between Asia and Europe.

Even the scammers kept cycling funds from one wallet to appear as though they were receiving funds from victims which was apparently not the case.

CryptoTwitter tries to make sense of Twitter’s Day Zero

While the events unfold, CryptoTwitter – the large community of cryptocurrency and blockchain enthusiasts on the social media scrambled to make sense of what happened. Some saw this as a clarion call for users to take their privacy a popular sentiment in the cryptocurrency space.

Others interpret the turn out of events as an epic opportunity for bitcoin to realize its mainstream goal. It appeared more people got to know about bitcoin through this twitter hack incident.

         All News