Elon Musk wants to give you free bitcoin — at least, that’s what his Twitter account said on Wednesday.
Don’t trust him.
The Tesla founder’s account was one of numerous high-profile accounts on the social network that were compromised as part of a remarkable, far-reaching hack that attempted to scam people into sending payments in the bitcoin digital currency.
The hack underscored the vulnerability of social media services like Twitter, which are used by world leaders and government agencies to communicate with the public. The breach was so serious that Twitter was forced to briefly disable all tweeting from verified accounts on Wednesday.
The FBI has launched an investigation into the incident and Congress wants answers from Twitter’s management.
As of writing on Friday afternoon, here what we do and don’t know about what happened.
Who’s been hacked?
Lots of famous people. And some companies.
Joe Biden, Jeff Bezos, Apple’s official account, Bill Gates, Warren Buffett, Kanye West, Kim Kardashian, Uber, Wiz Khalifa, Floyd Mayweather, Cash App, MrBeast, XXXTentacion, parody account TheTweetOfGod … the list goes on and on.
The hackers targeted high-profile accounts that had the potential to spread the scam as far as possible.
130 accounts were targeted, Twitter said in a statement on Thursday, though not all of them were compromised.
How did they get hacked?
The hackers got access to Twitter’s internal tools, then used them to wreak havoc.
Late Wednesday evening, Twitter said it had uncovered “what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” Those with access to those tools, “ostensibly Twitter employees,” have the ability to reset email addresses associated with accounts, as TechCrunch reported.
What do the hacked messages look like?
What steps has Twitter taken in response?
As the hack escalated, Twitter took the unprecedented step on Wednesday of blocking all verified accounts from tweeting temporarily, as it worked to secure its services.
It has also locked the affected accounts until their owners can satisfactorily identify themselves and take back control. Its data download feature has also been temporarily disabled.
“We have also been taking aggressive steps to secure our systems while our investigations are ongoing,” Twitter said on Thursday. “We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can.”
CEO Jack Dorsey also chimed in on the incident in a tweet on Wednesday evening, calling it a “tough day for us at Twitter.” He wrote: “We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”
What’s the scam?
Generally, the compromised accounts posted a tweet saying they’re feeling generous (or some other similar motivation), and falsely claiming that if people send them bitcoin to their address, they’ll resend them double back.
Should I send them bitcoin?
Who’s behind the hack?
The identity of the hacker(s) are still unknown, but more details are slowly coming to light.
In a New York Times report on Friday, individuals who claimed to be involved alleged that a figure going by the name “Kirk” first gained access to the internal Twitter tools and then told others about it. He is purported to have obtained login details to the tools from an internal Twitter Slack channel he gained access to.
“Kirk” began by selling access to coveted “OG” usernames, before things escalated to the bitcoin scam that attracted international attention.
Were any countries involved?
People are not currently suggesting that the hack was the work of a nation state, as some previous attacks on tech companies and digital infrastructure have been. Well-respected cybersecurity reporter Brian Krebs reported that at least one of the figures involved may have been a 21-year-old man from Liverpool, England — though there has yet to be any official confirmation, arrests, or attribution from Twitter or other authorities.
What was the fallout?
A lot of people are demanding answers.
The FBI is investigating, as is New York state, and Congress wants a briefing from Twitter about what went down. Meanwhile, the company is still trying to understand the full extent of the damage, and repair user trust that was damaged by the most extensive (known) hack in its history.
Got a tip? Contact Business Insider reporter Rob Price via encrypted messaging app Signal (+1 650-636-6268), encrypted email ([email protected]), standard email ([email protected]), Telegram/Wickr/WeChat (robaeprice), or Twitter DM (@robaeprice). We can keep sources anonymous. Use a non-work device to reach out. PR pitches by standard email only, please.