Twitter Hack Snares Biden, Obama, And Musk In Bitcoin Scam

Twitter accounts belonging to Democratic presidential nominee Joe Biden, former US president Barack Obama, reality star Kim Kardashian West and her husband Kanye West, and Tesla CEO Elon Musk were hacked on Wednesday to promote a bitcoin scam.

The hack is the latest breach of high-profile Twitter accounts and an evolution of a long-running scam that has persisted on the social network for the last two and a half years. Since at least the start of 2018, scammers have created fake accounts mimicking Musk, President Donald Trump, and other celebrities to lure in unsuspecting individuals to send bitcoin or other forms of cryptocurrency with the promise that they’d have their money doubled or tripled in return.

A Twitter spokesperson told BuzzFeed News that the issue was “being looked into.” Tweets promoting the scam continued to persist across various verified accounts on Wednesday afternoon. According to cryptocurrency publication CoinDesk, which also had its account hacked, some of the affected accounts had two-factory security enabled.

While previous cryptocurrency scams have tended to mimic verified Twitter users by creating accounts with similar handles, avatars, and cover photos, Wednesday’s scam was different in that the unknown hacker gained access to real accounts to proliferate their scam. The initial scam tweet promoting the fake giveaway from Musk’s account, which has nearly 37 million followers, went up at 1:17 p.m. PT.

While Musk’s first tweet was removed, at least three others went up from Musk’s account promoting the same wallet. Similar messages were posted to verified accounts for Obama, Microsoft founder Bill Gates, Apple, and Uber.

Hacked accounts went on to pin tweets promoting the giveaway scam to the top of verified profiles or retweet the messages. Other accounts that were hit included rappers Wiz Khalifa and the late XXXtentacion; boxer Floyd Mayweather; and billionaires Jeff Bezos, Mike Bloomberg, and Warren Buffett.

“Twitter locked down the account immediately following the breach and removed the related tweet,” a Biden campaign spokesperson told BuzzFeed News. “We remain in touch with Twitter on the matter.”

The initial bitcoin wallet address associated with the scam showed transactions on Wednesday afternoon suggesting more than $118,000 worth of the cryptocurrency had been deposited, of which about $61,000 worth of bitcoin had been removed. A second wallet that emerged in later scam tweets, suggested about $5,000 worth of bitcoin had been received, of which $2,700 had been removed.

It’s unclear if that money was from actual unsuspecting individuals or from the scammer themselves. In past cryptocurrency giveaway scams, perpetrators have seeded wallets with their own money to encourage others to donate.

The website associated with the scam was created this morning, at 10:36 a.m. PT. The site went down before Musk tweeted the address, but its layout was reminiscent of previous scams: It featured the same bitcoin wallet address as the one shared in the Musk tweet and an image claiming transactions were being sent to it.

“The current financial system is outdated and COVID-19 has made serious damage to the traditional economy ,To help in these hard times For COVID19 Huobi, Kucoin, Kraken, Gemini, Binance, Coinbase & Trezor are partnered to give back to the community,” the now-deleted site said alongside an image featuring the hashtag #cryptoagainstcovid.

The registration information associated with the website was fake. The business address did not exist, the number was fabricated, and questions sent to the associated email address went unanswered.

In August 2019, Twitter CEO Jack Dorsey had his account hacked by someone who then posted racial slurs and a bomb threat. The company attributed the breach at that time to a “security oversight by a mobile provider.”

With reporting from Nidhi Prakash.