Introduction
On July 15, 2020, between 20:00 and 22:00 UTC, 69 high-profile Twitter accounts were compromised to promote a Bitcoin scam. The attackers gained access to Twitter's administrative tools, likely through social engineering involving Twitter employees.
Tweets were posted promising to double any Bitcoin sent to a specified wallet. Over 320 transactions occurred within minutes, totaling over $110,000 before Twitter removed the scam tweets. Three individuals were arrested later that month.
What Happened?
On that day, many prominent Twitter accounts posted similar messages:
"Send us Bitcoin and we’ll send back double as a charitable gesture."

Hacked accounts included:
- Barack Obama
- Joe Biden
- Elon Musk
- Mike Bloomberg
- Apple
- Uber
These accounts, followed by millions, spread the scam quickly. Many tweets were removed and accounts locked, but the damage had already been done.
Immediate Consequences
- Twitter temporarily disabled tweeting from verified accounts.
- Public trust in Twitter's security was shaken.
- Regulatory scrutiny of social media security practices increased.
Conclusion
The scam made between $100,000 and $400,000 in just a few hours, a small sum compared to the incident's global impact. Twitter’s stock dropped, and its CEO had to issue a public apology.
Victims may pursue legal action against Twitter, but their own decisions may also be scrutinized.

What Lessons Can Be Learned?
- Excessive internal privileges pose major risks.
- Cybersecurity awareness should be company-wide, not just limited to high-risk departments.
- Cyber attacks impact more than just money—think legal, operational, and reputational risks.
This event shows how critical it is to manage privileges carefully and train all employees about cyber threats. Whether it’s a giant like Twitter or a local business, awareness is the first line of defense.