Cyber Security Center

Coinbase blocked $280,000 from being stolen in the Twitter hack


Mere minutes after hijacked Twitter accounts started posting Bitcoin giveaway scams, cryptocurrency exchange service Coinbase blocked scammer’s wallet addresses, preventing its users from sending $280,000 to scammers.

 

Twitter(2)

Last Wednesday, high-profile verified Twitter accounts were hijacked to display a cryptocurrency giveaway scam. Among hijacked accounts were those belonging to Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, Apple, CoinDesk, etc. Out of 130 targeted accounts, 45 were hijacked to display the scam, with many known people/companies with millions of followers among them.

The giveaway scam tweeted out by famous accounts encouraged users to send Bitcoin to the displayed BTC address in order to get double the amount.

“All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000!,” the scam tweeted from former US president Barack Obama’s account reads. According to reports, scammers were able to steal $120,000, though all wallets associated with the scam are closely monitored by law enforcement. It was recently revealed that scammers would have been able to take off with an additional $280,000 if not for cryptocurrency exchange company Coinbase blacklisting the address, preventing over 1,100 Coinbase users from losing their Bitcoin.

Barack Obama Twitter scam

In an interview for Forbes, Coinbase chief information security officer Philip Martin revealed that they noticed what was going on mere minutes after Twitter accounts of cryptocurrency companies Gemini and Binance tweeted out the scam. However, in the minutes it took Coinbase to blacklist the address, 14 of its users were able to send around $3,000 in bitcoin. The 1,100 users who tried to send the bitcoin after that were blocked from doing so.

“It was a vanishingly small group of Coinbase users that tried to send bitcoin to the scam address,” Martin told Forbes. According to him, blocking cryptocurrency scam addresses is a regular thing Coinbase does.

After an investigation, Twitter revealed that attackers likely targeted certain Twitter employees who have access to Twitter’s internal systems, and after stealing their credentials were able to hijack 45 Twitter accounts by resetting their passwords. Twitter also believes the malicious actors may have tried to sell some of the usernames. The social media giant further revealed that data from 8 accounts was downloaded and stolen via “Your Twitter Data”, though none of the 8 accounts were verified.

Once Twitter became aware of what was going on, they locked down the affected accounts and deleted the tweets. For a short period of time, many Twitter accounts had restricted functionality, with verified accounts not being able to send a tweet. The investigation is still ongoing.