On Wednesday, 15th July, followers of Bill Gates on Twitter got the surprise of their lives.
At around 4pm (Eastern Daylight time), they received a tweet from Gates’ account offering to return double any Bitcoin they sent to the included address.
According to the tweet, this generosity was inspired by a desire to “give back”. And Bill wasn’t the only one. Similar offers appeared on other high-profile accounts, including those of former President Barack Obama, presidential candidate (?) Kayne West, his reality star wife, Kim Kardashian West, Warren Buffet, Jeff Bezos to name but a few.
Even Apple and a few other corporations seemed to want to get in on the act.
What was happening? Was Bill trying to speed up the process of divesting himself of his wealth by just giving it away on a first come, first served basis?
Had the Wests decided that the best way to Make America Great Again was to close the gap between rich and poor, not widen it?
Had Bezos et al finally realized they’d never be able to spend more than a fraction of their accumulated wealth, so they might as well give some away?
Was Apple having an attack of conscience after squirming out of paying its €13.1bn tax bill to the people of Ireland?
Were we really entering a post-Covid 19 golden age of caring and sharing?
It all seemed too good to be true. And of course, it was. The reality was Twitter had been hacked and it was just a scam.
And not even a very original one. Fake celebrity accounts had been used in the past to solicit money from the unwary, usually through offering to double Bitcoin transfers. What made this one different was that the solicitations were coming from real accounts.
As soon as Twitter became aware of the incident, they deleted the tweets from the affected accounts. Only to have them reappear in a matter of minutes.
In the end the company was left with no choice but to freeze verified accounts across the platform as it tried to fix the problem.
But not before the scammers were sent approximately 130,000 dollars’ worth of Bitcoin (it’s amazing how quickly some people will suspend their common sense when promised something for nothing).
The hack itself was highly effective. Somehow those responsible had managed to gain control of Twitter developer tools. Through these, they were able to take over the accounts.
But the scam, offering to double any bitcoin sent to the specified wallet, was extremely amateurish and unoriginal.
And so was the way it was conducted. Almost identical messages were posted to the compromised accounts, making them very easy to spot and remove. And the hackers repeated the same mistake in the second round of tweets they posted.
This led to security experts and American intelligence officials to quickly rule out the obvious culprits for such a high-level attack – a foreign power such as North Korea, Russia or China.
If a foreign state had been involved, the accounts would have been used to destabilize the stock market or other such nefarious purposes. This affair was far too amateurish, they concluded.
Even the choice of Bitcoin as a payment method pointed to a lack of sophistication on the part of the hackers. This is because the common Bitcoin myth that transactions are untraceable is just that, a myth.
This was kindly pointed out to the hackers by one concerned soul, as reported by CoinTelegraph. This Good Samaritan left the following message embedded in three transactions (worth about 12 Dollars):
Just Read All
Transaction Outputs As Text
You Take Risk When Use Bitcoin
For Your Twitter Game
Bitcoin is Traceable
Why Not Monero
Monero being an altcoin that offers higher levels of privacy than Bitcoin.
At the time of writing, it is still not known who was behind the attack. Or why they did it. And that remains a big question.
Why go to all the trouble of gaining access to some of the most high-profile Twitter accounts out there, only to launch a scam so obvious it was spotted within an hour? And started making headlines on the same day?
The answer to this, some believe, is that it is all much bigger than a mere Bitcoin scam. After all, this netted the hackers a mere 100 grand or so. Not exactly Master Criminal stuff.
But it did gain the attention of the world. Within hours of the attack, it was all over the media that someone had managed to completely bypass all security protocols implemented by both users and the platform itself.
Was this then the whole point?
In a post on a forum dedicated to account hijacking, one user was offering to change an email address for just $250, with direct access to accounts costing between $2,000 and $3,000.
Since Twitter has not yet managed to close the door, and the method has been very publicly proven to work, we can assume that price has risen.
There’s also the matter of the targeted accounts themselves. They all belonged to very high-profile people, and the hacks were very public. And nobody has yet been able to figure out what level of access the hacker had.
How much information did they get away with? Is there a group of happy hackers auctioning of compromising pictures of, for example, Joe Biden, somewhere on the Dark Web? We don’t yet know.
In our analyses, a cynical sales campaign for dirt on celebrities seems much more likely than a clumsy Bitcoin scam.
To find out, we’ll just have to wait and see when the scammers are caught. Or scandals involving those affected start to break, whichever comes first.