The massive Twitter hack story is developing strange contours as the social media giant struggles to contain the aftermath. On Wednesday, Twitter accounts of prominent world leaders, celebrities, crypto exchanges, and corporations were hacked to promote a Bitcoin scam.
Victims included former US President Barack Obama, Israel Prime Minister Benjamin Netanyahu, Floyd Mayweather, Kanye West, Presidential candidate Joe Biden, Justin Sun, Elon Musk, and many more.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
Now, Twitter claims that a coordinated social engineering attack was the mechanism employed by the scammers. The latest Twitter hack is perhaps the biggest ever social media attack ever to promote a Bitcoin scam, and the victim list is only growing.
As the social media giant attempts to restore the status quo, it is also studying the coordinated social media attack mechanism believed to have been used by hackers. Social engineering attacks rely on human error as the attacker tricks vulnerable users into revealing sensitive information using psychological manipulation. Through extensive human interaction, hackers seek possible entry points, security loopholes, vulnerable protocols, and sensitive information.
Social engineering attacks often involve multiple steps to gain the victim’s trust. It can involve baiting, phishing, pretexting, spear phishing, scareware, and many other manipulative practices. As per the social media giant, some of its employees with sensitive information may have been targeted to take control of the VIP accounts.
VICE Magazine’s Motherboard section claims to have spoken to two sources involved in the Twitter hack who stated that they paid a Twitter insider for account takeovers.
Mammoth Twitter hack investigation currently on
Ben Sigman of MakeSenseLabs, a blockchain startup, states that the highly centralized setup of Twitter is the reason behind this attack. He claims that Twitter staff has access to ‘Godmode’, allowing them to write tweets for any user.
4/ Unsurprisingly, the hackers used some of the funds from the different scam addresses to pay into their main collection address to make it seem like more people are participating and benefiting from the scam. pic.twitter.com/iT43Wasyum
— Chainalysis (@chainalysis) July 16, 2020
Interestingly, the biggest-ever Twitter hack involves Bench32/Segwit addresses, which can be traced down easily. The CryptoForHealth domain used in the promotional scam is also being investigated. Chainalysis is also tracking down the movements of Bitcoin amassed in the monumental Twitter hack. As the investigation continues, the entire crypto community is looking at the developments with bated breath.