A number of high-profile Twitter (TWTR) accounts were the subject of a massive hack Wednesday afternoon in what appears to be a Bitcoin scam targeting verified users.
At 4:17 p.m., the account of Tesla (TSLA) CEO Elon Musk tweeted out a message asking people to send him a payment in Bitcoin, and in return, he would return double that amount: “I‘m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!”
The tweet was deleted minutes later, but it was replaced by another similar one:
Over the next hour, a number of other major accounts were targeted, including Microsoft (MSFT) founder Bill Gates, who tweeted out a message with the same Bitcoin wallet address as the second Musk tweet.
Among the other accounts that appear to have been hacked:
- Former President Barack Obama
- Presidential candidate Joe Biden
- Berkshire Hathaway (BRK.B) CEO Warren Buffett
- Amazon.com (AMZN) CEO Jeff Bezos
- Rapper Kanye West
- Boxer Floyd Mayweather
- The official Apple (AAPL) Twitter handle
- Former New York City mayor Michael Bloomberg
- Digital currency exchange Coinbase
Twitter has written on its support account that "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly."
The company reportedly stopped verified accounts from being able to tweet as it investigated the situation.
Later Thursday, Motherboard reported that, according to leaked screenshots and a pair of anonymous sources, a Twitter insider gave the hackers access.
"We used a rep that literally done all the work for us," one source told Motherboard.
Twitter later confirmed that they thought insiders facilitated the attack.
"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," the company tweeted. "We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed."
Users of the social media platform are strongly advised not to send payments to any wallet addresses seemingly associated with the Twitter hack.
TWTR shares were down 3% in after-hours trading in response to the developing event.