The Day After Twitter’s Massive and Embarrassing Bitcoin Hack

Last updated September 28, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Yesterday, Twitter was compelled to deal with the most massive, high-profile, reputation-damaging, and embarrassing security incident in its history. A large number of verified accounts belonging to celebrities and political persons with millions of followers promoted fraudulent Bitcoin scams and got hundreds of thousands through numerous transactions.

Related: High-Profile Twitter Accounts Hacked by Bitcoin Scammers

After the first wave has passed and Twitter’s engineers worked hard to contain the damage, a few new details have surfaced on the net. It is important to point out that Twitter is still investigating, as are other experts in the field, but here’s what’s new today.

Twitter believes that the attackers compromised 130 accounts, so there are many more than the names we gave you yesterday. People speculated on why Trump’s account isn’t on the list, with some suggesting that the hackers were politically motivated and so they targeted only democrats.

The most likely explanation, though, is that Twitter has numerous safeguards in place for the US President's account, as having it hacked could have a lot direr consequences than just a few thousand users losing their Bitcoins to scammers.

Speaking of which, Krebs has launched an investigation to find who could be behind the recent hack, following BTC wallets, SIM swapping actors, and boasting accounts on “OGusers.” At the same time, the FBI has also confirmed that they are investigating the incident, and so did the state of New York. One thing is for sure, and this is that the stolen Bitcoins will be very, very hard to move around, spin, exchange, use, or withdraw. Intelligence agencies are watching these addresses very closely, but this may just be a decoy for what this attack was really about.

screenshot

From the first evidence of the investigations, and the screenshots that appeared in various places, it is clear that the actors got to access the DMs (direct messages) of the hacked accounts, which is way more catastrophic than anything relating to the Bitcoin scamming action.

Twitter says there’s no evidence that passwords were accessed, and they do not even suggest that users should reset their passwords. However, the matter of the DMs remains a burning one, and the social media company hasn’t responded to any questions about this. Actors accessing DMs would have implications for many years to come.

These messages weren’t and aren’t being encrypted, and Twitter doesn’t have any plans to add end-to-end encryption, no matter how many have pleaded for it. It looks like poor account security combined with keeping everything in plaintext form created a calamitous cocktail for the social media platform and its prominent users.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: