Coordinated social engineering behind the monumental Twitter hack

The massive Twitter hack story is developing strange contours as the social media giant struggles to contain the aftermath. On Wednesday, Twitter accounts of prominent world leaders, celebrities, crypto exchanges, and corporations were hacked to promote a Bitcoin scam.

Victims included former US President Barack Obama, Israel Prime Minister Benjamin Netanyahu, Floyd Mayweather, Kanye West, Presidential candidate Joe Biden, Justin Sun, Elon Musk, and many more.

https://twitter.com/TwitterSupport/status/1283591846464233474

Now, Twitter claims that a coordinated social engineering attack was the mechanism employed by the scammers. The latest Twitter hack is perhaps the biggest ever social media attack ever to promote a Bitcoin scam, and the victim list is only growing.

What is coordinated social engineering attack?

As the social media giant attempts to restore the status quo, it is also studying the coordinated social media attack mechanism believed to have been used by hackers. Social engineering attacks rely on human error as the attacker tricks vulnerable users into revealing sensitive information using psychological manipulation. Through extensive human interaction, hackers seek possible entry points, security loopholes, vulnerable protocols, and sensitive information.

Social engineering attacks often involve multiple steps to gain the victim’s trust. It can involve baiting, phishing, pretexting, spear phishing, scareware, and many other manipulative practices. As per the social media giant, some of its employees with sensitive information may have been targeted to take control of the VIP accounts.

VICE Magazine’s Motherboard section claims to have spoken to two sources involved in the Twitter hack who stated that they paid a Twitter insider for account takeovers.

Mammoth Twitter hack investigation currently on

Ben Sigman of MakeSenseLabs, a blockchain startup, states that the highly centralized setup of Twitter is the reason behind this attack. He claims that Twitter staff has access to ‘Godmode’, allowing them to write tweets for any user.

4/ Unsurprisingly, the hackers used some of the funds from the different scam addresses to pay into their main collection address to make it seem like more people are participating and benefiting from the scam. pic.twitter.com/iT43Wasyum

— Chainalysis (@chainalysis) July 16, 2020

Interestingly, the biggest-ever Twitter hack involves Bench32/Segwit addresses, which can be traced down easily. The CryptoForHealth domain used in the promotional scam is also being investigated. Chainalysis is also tracking down the movements of Bitcoin amassed in the monumental Twitter hack. As the investigation continues, the entire crypto community is looking at the developments with bated breath.