As reported by Reuters, after a proper investigation, the Twitter team finally found out how cyber criminals managed to hijack a large number of top-tier accounts and initiate their massive Bitcoin scam from those pages.
Spear-phishing attack suspected
The Twitter team has come to the conclusion that the cyber criminals who managed to gain access to around 130 VIP accounts on the social media microblogging giant used the phone spear-phishing technique to accomplish their scheme.
"Spear-phishing" means that hackers send emails from a person whose address is familiar to the recipient in order to target the receiver to give up some sort of confidential data.
In this way, the hackers managed to hijack over a hundred top Twitter accounts, publish Bitcoin spam tweets on forty-five of them, gain access to thirty-six pages and retrieve Twitter data from seven of them.
The article also reports that the attackers chose certain Twitter team members as their targets—those employees who directly work with tools for account support. Previously, U.Today reported that Twitter suspected that one of its employees was even bribed into helping the culprits.
Large-scale Bitcoin scam
Among the accounts that the hackers seized control of were the pages of Bill Gates, Elon Musk, Kim Kardashian, Joe Biden (Trump’s rival for the November presidential election), Barack Obama and Changpeng Zhao (CEO of Binance).
Data available on the blockchain show that the cyber criminals managed to reap $100,000 in BTC.
They offered Twitter users an exchange: users send their BTC to an address and then receive double that amount in return—a classic cryptocurrency scam.
Right after the attack took place, Twitter blocked all the hijacked pages to prevent further damage, and some crypto exchanges blocked the scammers' BTC address to stop users from sending their crypto to it.
Soon after the incident, control over the hijacked pages was given back to their owners.