Twitter Massive Hack Attack Traced Back to Crypto Wallet Using BitPay and Coinbase

Not only were these big-name cryptocurrency exchanges affected, but multiple celebrities and huge-time figures ranging from Kim Kardashian to Bill Gates and presidential runner Joe Biden saw their Twitter accounts compromised as well.

Bitcoin Twitter Hack 

The first signs of a mass media scam attack came around 3 pm EDT, on Wednesday. A tweet popped up on one of the cryptocurrency exchange's Twitter account — Binance — that read that the coin exchange had partnered with “CryptoForHealth” and was looking to give back 5000 Bitcoins to the community. Attached to the message was a link indicating where people could donate and send their crypto contributions. 

The scam worked miracles as Bitcoin donations started rolling in minutes after the incident. One Bitcoin wallet address was even seen to carry a groundbreaking $100,000 in funds. 

Twitter Goes Silent 

Twitter support then went on to temporarily prevent all verified accounts on their social media platform from tweeting for about half an hour. They tried to reassure their social media community and engage in damage control. Twitter support publicly announced that they were working on the security incident and investigating further in order to fix the breach. Updates will soon be provided, Twitter Support posted.  

Twitter CEO Jack Dorsey came forward and expressed on his social Twitter platform that it had been a “tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”  He expressed his apologies for the inconvenience caused by the Bitcoin sneak attack. 

Investigators Trace Hack Activity 

Investigators of the Twitter hack uncovered that the group behind the massive Bitcoin scam must have coerced an employee into providing high-security internal admin access to Twitter. Crypto scammers were only able to pull off what may be the largest hack on Twitter ever due to exclusive access to the social platform provided by an internal employee. Twitter issued a report on their platform saying: 

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.” 

Hacker Identities Revealed? 

Furthermore, the hackers do not seem to be sophisticated Bitcoin users, since they left trails of their activity that could be linked back to BitPay and Coinbase. These big-name crypto exchanges can potentially hold the key to uncovering their identities.  Investigations led by Blockchain Intelligence Whitestream, a blockchain analytics company, unveiled that three transactions originating from the address that scammers linked could be traced back to crypto wallets that were found to be associated with Coinbase and BitPay. Both exchanges provide merchant solutions. 

Coinbase and BitPay Used in Attacks 

The first transaction was a small amount of funds allocated to BitPay, while the other two were sent to Coinbase.   

The hackers used a legacy address initially but seem to later have switched to a Bech32 address to target non-crypto accounts. However, the original address currently appears to be the consolidation point for all the proceeds of the attack. It has been found to hold 14.75 BTC, which is worth approximately $135,000. 

The latter transactions have been a bit more sophisticated, as the change address is always different than any of the other inputs. 

Investigators are still currently working on cracking down on the Bitcoin scammers, but they seem to be getting closer.