You may have noticed on Twitter that both Bill Gates and Elon Musk were overtaken by the spirit of generosity earlier today, offering to pay back double whatever was sent to their Bitcoin accounts. So, for instance, if you sent $1,000 to Musk’s Bitcoin address, he’d give you back $2,000. It’s just that easy! And, in case there was any doubt, it was a scam.
It seemed odd at first that Gates and Musk wouldn’t have two-factor authentication enabled on their accounts, but they weren’t the only ones whose accounts were compromised: Cash App, Apple, and Uber were all impacted as well. Individual account security may have had nothing to do with it.
Bill Gates, Elon Musk, and many other high profile Twitter accounts seem to have been breached. The tweets look like they’re sent from Twitter’s website, rather than a third-party app. People are even falling for the BTC scam pic.twitter.com/wv5p3oR0aAJuly 15, 2020
Cameron Winklevoss, who founded the Gemini crypocurrency exchange, confirmed that the Gemini account had 2FA enabled, but was compromised anyway.
ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED.2FA / strong password was used for @Gemini account. We are investigating and hope to have more information shortly. https://t.co/X3C0uJzc6CJuly 15, 2020
It’s not clear how the hack is getting around 2FA, but Foo VR founder Will Smith theorized that a “commonly used tool,” possibly related to analytics or scheduling, could be the culprit.
Dollars to donuts it’s some commonly used tool (analytics, scheduled posting, or whatevs) that got hacked, and not actually Twitter proper.July 15, 2020
Quite a few people appear to be falling for the scam. The Verge pointed out that public records of transactions reveal dozens of payments made to hacked accounts, totaling tens of thousands of dollars.
Even if 2FA wouldn’t necessarily have spared these accounts in this case, especially if a third-party tool is involved, it’s still a good idea to have it switched on. If you’re not sure how to do it, the Twitter Help Center can guide you through the process.
We’ve reached out to Twitter for more information, and will update when we know more.