All: don't miss that there are multiple pages of comments. The top few subthreads have become so large that they fill out the first page entirely. You have to click 'More' at the bottom to see the rest, including a lot of the newest posts. Or use these links:<p><a href="https://news.ycombinator.com/item?id=23851275&p=2" rel="nofollow">https://news.ycombinator.com/item?id=23851275&p=2</a><p><a href="https://news.ycombinator.com/item?id=23851275&p=3" rel="nofollow">https://news.ycombinator.com/item?id=23851275&p=3</a><p><a href="https://news.ycombinator.com/item?id=23851275&p=4" rel="nofollow">https://news.ycombinator.com/item?id=23851275&p=4</a><p>Edit: also, there's a related thread tracking the BTC transactions here: <a href="https://news.ycombinator.com/item?id=23851542" rel="nofollow">https://news.ycombinator.com/item?id=23851542</a>.<p>In general, look for More links at the bottom of big threads. This is a performance workaround that we're hoping to drop before long, but in the meantime there's a limit of 250 or so comments per page.
Given how huge this hack is, and how little the BTC reward is going to be, I'm tempted to think this is either:<p>- a test of a new hacking system<p>- a demonstration to a big client<p>- a first shot to threaten some entity<p>- a diversion while they get the real loot<p>And that the BTC messages are just a way to justify it so it looks like a simple scam.<p>Such a hack is worth way, WAY more than the few BTC it could bring.
With so many accounts compromised, the hackers might actually have full access to Twitter's backend. The postmortem would be very interesting. I'll be looking forward to it.<p>Imagine if the hackers had timed the intrusion during a GitHub outage, and Twitter's employees couldn't deploy a fix for the exploit fast enough because GitHub was down!
Tweet from TwitterDev team yesterday:<p><a href="https://twitter.com/TwitterDev/status/1283068902331817990" rel="nofollow">https://twitter.com/TwitterDev/status/1283068902331817990</a><p>> 2 days to go… #TwitterAPI<p><a href="https://twitter.com/TwitterDev/status/1283433096780677122" rel="nofollow">https://twitter.com/TwitterDev/status/1283433096780677122</a><p>> Thank you to all of you who have engaged with us and shared your feedback. Your input has been vital, and we’re committed to continuing these conversations with you. There’s so much more we’re doing to build a better #TwitterAPI… and Early Access is coming tomorrow!<p>Were they supposed to launch some new API tomorrow which got hacked?
Elon Musk as well. Tweets still up, saying "Feeling greatful, doubling all payments sent to my BTC address!<p>You send $1,000, I send back $2,000!
Only doing this for the next 30 minutes."<p>As of now, 121 people have sent cash totalling more than 2.5 BTC.<p>Edit: Just seen @BillGates compromised as well, same bitcoin account.<p>Edit 2: Elon's tweet seems to be getting removed, and then reposted again shortly after. About $40k sent so far.<p>Edit 3: Interesting to watch - on both accounts, tweets seem to be deleted and then reappear as pinned a few mins later.
Just what kind of an operation is Twitter running here? It seems crazy that they don't have any kind of anti-abuse system in place that could just block tweets with this specific Bitcoin address or possibly tweets matching the regexp of any Bitcoin address. I.e. limit the damage and buy a couple of hours while they try to find the root cause.<p>(Yes, yes, staged rollouts. But anti-abuse systems don't work by those rules, at least in emergencies.)
Twitter should suspend the entire platform until they can credibly fix this and prevent it in the future. An attacker could drop AMZN stock by 10% in minutes with just the wrong tweet from Bezos.
Verified Twitter user here: Locks [1] are in place, attempting to tweet throws an error: Something went wrong, but don't fret -- let's give it another shot.<p>At the bottom of the page, a notification appears: This request looks like it might be automated. To protect our users from spam and other malicious activity, we can't complete this action right now. Please try again later.<p>[1] <a href="https://twitter.com/TwitterSupport/status/1283526400146837511" rel="nofollow">https://twitter.com/TwitterSupport/status/128352640014683751...</a><p>Direct Messaging is still functional as of 523PM PDT.
Your site is getting hacked, you don't know how the hackers are doing it, what do you do ops wise? Take the whole site down for a few hours? Because the entire platform is compromised, how do you handle that?
So many accounts are affected, this seems to be a system-level hack rather than a compromise of individual accounts.<p>Someone has found a way to post a tweet from any account they like?
Kudos to Coinbase - I tried sending a small amount to the account after seeing Elon Musk's tweet, and Coinbase prevented the transaction from occurring.
Uber has been hacked as well. At this point, they can get any high profile Twitter user.<p>EDIT: You know this is a coordinated Twitter hack when they have Apple's account hacked [0]. <a href="https://twitter.com/Apple/status/1283506278707408900" rel="nofollow">https://twitter.com/Apple/status/1283506278707408900</a>
Watch this turn out to be a JS dependency tree problem from some library that was compromised months ago in some NPM module, used in the Twitter web interface.
Place your bets, phishing or bug exploit. Some of these targets are too high profile to all fall for it and probably have teams that manage these accounts securely. Edit: 2fa was bypassed, interesting. <a href="https://twitter.com/tylerwinklevoss/status/1283492017889259523" rel="nofollow">https://twitter.com/tylerwinklevoss/status/12834920178892595...</a>
Initial postmortem: <a href="https://twitter.com/TwitterSupport/status/1283591844962750464" rel="nofollow">https://twitter.com/TwitterSupport/status/128359184496275046...</a><p>Seems to be a social-engineering attack on Twitter staff.
What blows my mind is how does Twitter not have a "maintenance" mode -- where <i>no new tweets</i> can be posted and the site is essentially read-only?
A lot of people are asking “why a bitcoin scam?”<p>From what we know right now, targeted accounts had their emails and 2FA reset via an admin tool. These attacks were noisy, so the window of opportunity for the attacker was small. The attack was launched after hours, likely to limit the chance that the compromised Twitter employee would be around. So market manipulation wasn’t really a great option.<p>This was basically a “smash and grab” style attack, which makes sense given the noisy nature of the access. I wouldn’t be surprised if Twitter’s admin tool purposely doesn’t allow employees to silently access accounts.
Loads of accounts still tweeting it in realtime. Follow it live: <a href="https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh&src=typed_query&f=live" rel="nofollow">https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p8...</a>
This is what happens when you put all of your communication eggs into a single basket.<p>Twitter needed to be taken down a couple of pegs. I think accounts of a high enough profile may want to closely examine the ActivityPub ecosystem.
Is it just me, or does this seem suspiciously poorly thought out? Perhaps there is a second stage involving stock plays. The BTC thing might be a diversion.<p>Or we are incredibly lucky and the exploit was found by people with really bad foresight and imagination.
The attack is ongoing. Why haven't they<p>1) shut down api endpoints
2) locked down all verified accounts
3) blocked any tweets with the btc address in them
4) made a statement if they really can't stop it?
There's a Web Archive link[0] for anyone curious.<p>It looks like this was pretty successful for the hacker. At the time of writing they received ~3.1 BTC, or ~$29k in USD[1].<p>Edit: Replaced [1] with a site that appeared to have fewer trackers according to Privacy Badger.<p>[0]: <a href="https://web.archive.org/web/20200715202030/https://twitter.com/elonmusk/status/1283495825998520320" rel="nofollow">https://web.archive.org/web/20200715202030/https://twitter.c...</a><p>[1]: <a href="https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh" rel="nofollow">https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...</a>
Twitter is seriously out of control.<p>They should have pulled the plug an hour ago, and that plug pulling should have been automated.<p>If this were something even more sinister a whole country could have plummeted into chaos, death, destruction.
This is the earliest non-deleted tweet I've found referencing the bitcoin address (or rather, noticing that an account got hacked). It was sent at 12:23PM Pacific time (more than 1.5 hours ago): <a href="https://twitter.com/lawmaster/status/1283481418518208513" rel="nofollow">https://twitter.com/lawmaster/status/1283481418518208513</a>
Still going on. <a href="https://twitter.com/BillGates/status/1283503731682811907" rel="nofollow">https://twitter.com/BillGates/status/1283503731682811907</a> What a disaster this stuff is. I wonder how it was done.
My wild, unfounded conjecture: the attacker discovered this recently and had only a short, fixed time window in which to run a scam. Maybe the time before some maintenance update? So none of the more sophisticated approaches (like selling to the highest bidder or manipulating some stocks) were practical before the vulnerability would be repaired.
If you imagine short notice and a couple-hour window when US markets were closed, are alternative hacks really that much more lucrative?
WTF. I'm baffled. How have they not either<p>* thrown the site in read only mode OR<p>* taken the entire site down<p>Until they can fix the security vulnerabilities. That would be better than what is happening now.
Okay here is my mostly baseless conspiracy theory:<p>As many others have noted, access to the compromised accounts is worth several orders of magnitude more money than the hackers were able to extract using this naive bitcoin scam. Whether it's used to manipulate markets or just resold, the hack is probably worth millions or tens of millions. Is it plausible that hackers who could coordinate and execute this kind of a breach would not know how to maximize the value of the hack and would instead opt for a really naive and not especially lucrative BTC scam?<p>It is also pretty common knowledge that the activist investor hedge fund Elliott Management has wanted Jack Dorsey removed as Twitter's CEO for quite some time. What if the BTC scam is a cover for corporate espionage? What if the purpose of the hack was actually to make Dorsey look incompetent in the most public way possible, and possibly turn many influential public figures against Twitter? Elliott Management has the resources to finance a breach like this as well as the motive.<p>An alternate theory would be that this actually <i>was</i> a form of market manipulation -- manipulation of Twitter's share price.
for 15 minutes society was perfect, i felt invigorated and had the ability to dream new dreams, and we were all loving friends. and then the blue checks came back.
Is the attack now changing usernames to the BTC address or are these people just trolling?<p><a href="https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh&src=typed_query&f=live" rel="nofollow">https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p8...</a>
I'm honestly surprised that Twitter doesn't have some sort of circuit breaker for such a gigantic attack on major accounts. It's a PR nightmare that a circuit breaker would help a bit with, no?
Seems like the hacker has got 100% access to Twitter's backend and is just not able to decide whom to attack next!<p>One after another, big handles are getting hacked!<p>The collection so far has crossed 12 BTC (<a href="https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh" rel="nofollow">https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...</a>)
It would be incredibly irresponsible if there isn't a team at Twitter right now working to bring the whole site down.<p>It's one thing going after a couple celebrities and CEOs, but they've now hit a former US President and a current Presidential candidate.
I posted this here and it got flagged.<p><a href="https://twitter.com/asculthorpe/status/1283501026281127937" rel="nofollow">https://twitter.com/asculthorpe/status/1283501026281127937</a><p>Try to warn people and you get slammed for it.<p>Ugh.
Could this be related to the Executive Order POTUS signed yesterday on Hong Kong Normalization?<p><a href="https://www.whitehouse.gov/presidential-actions/presidents-executive-order-hong-kong-normalization/" rel="nofollow">https://www.whitehouse.gov/presidential-actions/presidents-e...</a>
That's really light in details, TC has more juice about the situation IMHO: <a href="https://techcrunch.com/2020/07/15/twitter-accounts-hacked-crypto-scam/" rel="nofollow">https://techcrunch.com/2020/07/15/twitter-accounts-hacked-cr...</a>
The wallet that the hacker who got Elon posted has been given 5.7 BTC and counting: <a href="https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh" rel="nofollow">https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...</a>
I have a question to ask you all. If I wanted to study things to get to the point where internally/externally I could coordinate a hack of this magnitude, what things do I need to study? What are the technical things needed to pull something like this off? What are the social corporate things I needed to know to pull this off? I know that we don't have specifics, but I'm asking as a pure academic exercise how much I'd need to know to pull this off, and how to get away with it too.
This raises so many questions about tech giants' security. If they could do this, manipulating elections or so much power with one system.<p>"Security is a myth."
Wonder if this could have been done by a rogue employee at Twitter? Since they are working from home during COVID, I wonder what internal controls they have? I know some wondered, if they used several high-profile accounts, why not the President's then? Well, Twitter put extra protections on his account after an employee on their last day decided to suspend his account for 11 minutes. So if this isn't a hack and was done internally, that might be a clue.<p>I was surprised Apple especially got their account hacked, since they are big on security as a company. I know with Facebook a page can have multiple person accounts managing it, but I don't believe Twitter ever had such a thing unless more recently... So if you want multiple people to manage an account you'd use a special tool or just share the login info between your social media team.<p>I kinda feel like if you have to commute to an office, maybe there's more accountability, as I'd feel someone might be looking more over your shoulder, but it'd depend on whether people get private offices or a more open office design.
Posts stopped for the other btc address (bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh)<p>Here's a tweet from KimKardashian, for a different BTC address (bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w39l)
<a href="https://twitter.com/KimKardashian/status/1283523054874877953" rel="nofollow">https://twitter.com/KimKardashian/status/1283523054874877953</a>
It's amusing that this is so successful only because of all the people posting their triumphant screenshots of success in losing all their money.<p>All it takes is 100 gullible people to net $100k, and there's a lot more than 100 gullible people on Twitter.<p>And it all happened in the span of 20 minutes. Can we expect any better response in the hopes of preventing this next time, assuming all the accounts are hacked already? Or does the nature of realtime media and hundreds of bored eyes sitting on wads of cryptocurrency getting to it first mean it's just game over?<p>I remember the golden days of messing up people's lives over digital terminals, where the most they'd do was wipe your hard disk or warn the user of something vaguely ominous on the third Tuesday of April like "the Reaper's gonna get you" or play an 80's Top Ten number rendered through the PC speaker all of a sudden, scaring you to death.<p>From here on out it's always going to be about money, and to me that's just boring and sad.
Should Twitter start supporting cryptographically signed messages? In any case, I wonder about the legal ramifications of this kind of event, for Twitter and for the individuals that have been hacked.
It's a very, very loud attack, no doubt. But how sophisticated is it? Probably not as much as many think. As early reports suggest the attack was done via a stolen employee token, it suggests the attacker has access to the employee's web browser. Potentially some malware extension that silently sniffs traffic to Twitter?
Has Twitter's forever-WFH policy resulted in this zero-day vector or whatever it is?<p>Which has resulted in the hacking of so many big accounts and a Bitcoin scam?
So far people have sent:<p>Transactions: 253<p>Total Received: $101,539.14<p>Link to address:<p><a href="https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh" rel="nofollow">https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...</a>
<a href="https://twitter.com/brandontwall/status/1283525485440503811" rel="nofollow">https://twitter.com/brandontwall/status/1283525485440503811</a><p>Hours in, seems the vulnerability was not yet patched but simply blue-checks had posting rights pulled. Only non-verified accounts have been posting the wallet key for a while now (search new to find them).<p>I know it's easy to judge from afar but I can't believe they're leaving the site up during this.
The domain associated with first round of tweets wasn't anonymized.<p>Could be a setup <a href="https://twitter.com/jfbsbnix/status/1283487977591767041" rel="nofollow">https://twitter.com/jfbsbnix/status/1283487977591767041</a><p>Or maybe a dodge <a href="https://twitter.com/verretor/status/1283506654521094146" rel="nofollow">https://twitter.com/verretor/status/1283506654521094146</a>
This is looking really bad, I wonder what they used to get access to all these high-profile accounts?<p>It's worth noting these types of blackhat crypto scammers make millions a year from this already, but this is definitely making it a lot worse.<p>EDIT: Still going on after 30+ minutes, seeing people like Bill Gates tweet crypto scams still. Amazed they got all the crypto exchanges too.<p>And it's not just Bitcoin, they got Ripple too and posted XRP addresses.
Why is twitter optimizing uptime instead of trust?<p>Trying to figure out why would they let such a massive hack play out for over an hour instead of pulling the kill switch.
I have a couple of services that run on twitter API and they have all been suspended in the last half hour. They are definitely in damage control mode.
Recent update: "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."<p><a href="https://twitter.com/TwitterSupport/status/1283591846464233474" rel="nofollow">https://twitter.com/TwitterSupport/status/128359184646423347...</a>
Shameless plug: All the companies (Google, Microsoft...) are telling us to trust them. But I believe that we should trust ourselves instead of relying on third parties. They always change when business interests change. This is where web3 comes into play. Technologies like IPFS and the SAFE Network are coming. Looking at the scale issue, I guess this web3 takes at least 5 more years. But this kind of p2p technology is possible with a small-scale mesh. Mesh networks within our devices or families. From the beginning, I hated the idea of storing passwords in a third-party password manager. Later, I fell into the same trap because managing a lot of passwords is difficult. So, I'm building an open-source p2p password manager. It replicates the passwords within your devices, instead of storing everything in the vendor's cloud. It's halfway to the closed beta release. I would like to hear everyone's feedback on this idea.<p>Thanks
Seems like they reposted it on the cash app account. This time it’s a different address.<p>New Address: bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w9l
<a href="https://mobile.twitter.com/CashApp/status/128352200769559757.." rel="nofollow">https://mobile.twitter.com/CashApp/status/128352200769559757...</a>.
Isn't it obvious? All the hacked accounts were fake accounts from the start managed by twitter employees who fill them with content every day to simulate an active social network. The hack just revealed that Twitter in fact rules the world and all these other companies, billionaires and celebrities simply don't exist.
Imagine for a moment that this ends up being something state-sponsored or that Twitter's entire DB gets dumped, private accounts and all.<p>This could have a profound impact on governments who want to target dissidents if somebody, for example, only felt comfortable criticizing their government from a protected account...
Btc address in the explorer to see how much was deposited
<a href="https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh" rel="nofollow">https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...</a>
Whoever hacked Twitter today definitely got major access to their backend: <a href="https://twitter.com/whoisjuan/status/1283502962103455744?s=20" rel="nofollow">https://twitter.com/whoisjuan/status/1283502962103455744?s=2...</a>
I was thinking the other day about a digital signature for limited-character tweets.<p>Provided I’m not a cryptography expert and you should explore my ideas with caution, why not even just sign every tweet with an ed25519 signature? It’s only 64 bytes tacked onto the message and easy to verify...
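The scheme this comment proposes, worked through as an added example (not the commenter's code and not anything Twitter runs): the tweet text is signed with Ed25519, the 64-byte signature is appended, and a reader with the author's public key can verify it. Assumed conventions: a 280-character budget counted in code points, a " sig:" separator, unpadded base64 for the signature (86 characters), and that the public key is distributed out of band.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
	"unicode/utf8"
)

// Per-tweet character budget (assumption: 280 code points).
const tweetLimit = 280

// Separator between the tweet text and its base64 signature (assumed convention;
// base64 never contains a space, so the last occurrence is unambiguous).
const sigSep = " sig:"

// SignTweet appends an Ed25519 signature over the tweet text. A 64-byte signature
// is 86 characters in unpadded base64, so the text itself must stay within
// tweetLimit - 91 characters; otherwise an error is returned.
func SignTweet(priv ed25519.PrivateKey, text string) (string, error) {
	sig := ed25519.Sign(priv, []byte(text)) // 64 raw bytes
	enc := base64.RawStdEncoding.EncodeToString(sig)
	signed := text + sigSep + enc
	if n := utf8.RuneCountInString(signed); n > tweetLimit {
		return "", fmt.Errorf("signed tweet is %d characters, over the %d limit", n, tweetLimit)
	}
	return signed, nil
}

// VerifyTweet splits a signed tweet into text and signature and checks the
// signature against pub. Any tampering with the text, or a missing or malformed
// signature, yields ok == false.
func VerifyTweet(pub ed25519.PublicKey, signed string) (text string, ok bool) {
	i := strings.LastIndex(signed, sigSep)
	if i < 0 {
		return signed, false // unsigned tweet
	}
	text = signed[:i]
	sig, err := base64.RawStdEncoding.DecodeString(signed[i+len(sigSep):])
	if err != nil || len(sig) != ed25519.SignatureSize {
		return text, false
	}
	return text, ed25519.Verify(pub, []byte(text), sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample tweet.
	signed, err := SignTweet(priv, "Feeling grateful, not doubling anything.")
	if err != nil {
		panic(err)
	}
	fmt.Println(signed)
	_, ok := VerifyTweet(pub, signed)
	fmt.Println("verifies:", ok)
	// Same signature, edited text: verification must fail.
	_, ok = VerifyTweet(pub, strings.Replace(signed, "not doubling", "doubling", 1))
	fmt.Println("tampered verifies:", ok)
}
```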
About $110k in the address. Honestly not that impressive for a hack of this scale. I wonder what they could have gotten if they reported this for a bug bounty instead.<p>Or as Matt Levine said, "if I got Elon Musk's twitter password I'd wait until market hours to use it."
This reminds me of Colin.<p>Back in 2013 when I was working at Sky News, the person responsible for the social media accounts (with millions of followers in total) stormed into a meeting: "Our Twitter account has been hacked".<p>This was at a time when many high-profile news Twitter accounts were hacked by so-called "electronic armies" who published damaging tweets. However, in our case it was a single obscure "Colin was here" tweet.<p>We had recently built an internal endpoint in one of the backend apps that takes a string and publishes it straight to the main breaking news Twitter account. This was integrated with a custom UI tool that the news desk people used to quickly break a story across TV, Twitter, the website etc. with one click.<p>I had a suspicion that this endpoint was how that tweet was published, but could not prove it. Many thoughts were going through my head: “is this an internal job, or did someone hack our backend system and somehow figure this out, etc.”<p>We quickly returned to our desks, and straight away I grepped our logs for "tweeting", as I developed that feature and was sure we logged that when the endpoint is called, but in the heat of the moment forgot the “-i”, as the log message actually contained "Tweeting" (which cost us a few minutes). In the meantime there was panic around the business, people were putting out PR statements just in case it was a real hack, the tweet was deleted etc.<p>Finally, with help from colleagues, we tracked down a "Tweeting" log message around the same time the tweet was published along with the HTTP request source IP, and traced it (just like in movies) to our secondary news studio in Central London. 
This is when one of the managers shouted "I know a Colin who works there, he's a testing team manager!".<p>We gave Colin a ring to understand what was going on, he had no idea about any of this but said he was doing some DR testing earlier of all tools that editors use, and wasn’t really aware this would go out. As you can imagine, it could have been much worse.<p>The entertaining bit was the 30 minutes of fame this mysterious Colin enjoyed on the internet, where many people were worried about the welfare of "Colin", and it was picked up by various [1] news [2] websites.<p>[1] <a href="https://www.buzzfeed.com/lukelewis/an-important-history-of-the-colin-was-here-meme-that-changed" rel="nofollow">https://www.buzzfeed.com/lukelewis/an-important-history-of-t...</a>
[2] <a href="https://www.buzzfeed.com/lukelewis/an-important-history-of-the-colin-was-here-meme-that-changed" rel="nofollow">https://www.buzzfeed.com/lukelewis/an-important-history-of-t...</a>
This "send me btc to send you more btc" scam has been happening for the past few months, and Charles Hoskinson (<a href="https://twitter.com/IOHK_Charles" rel="nofollow">https://twitter.com/IOHK_Charles</a>), founder of the Cardano blockchain, was warning about this issue for a while. He mentioned his team was trying to get in touch with Twitter and YouTube to stop this, and these companies have let this slide for a while.<p>[edit]<p>some are wondering if this is some type of money laundering scheme
<a href="https://twitter.com/nktpnd/status/1283521742602940420" rel="nofollow">https://twitter.com/nktpnd/status/1283521742602940420</a>
Strange coincidence tweet by Jack Dorsey from last evening:<p><a href="https://twitter.com/jack/status/1283169859233214465" rel="nofollow">https://twitter.com/jack/status/1283169859233214465</a><p>> #bitcoin @BubbaWallace
> “I am giving back to my fans. All Bitcoin sent to my address below will be sent back doubled.”<p>So Twitter is the real-life Jita local chat? Does this also mean BTC is as meaningless as ISK, that people are willing to gamble it on a doubling scam?
This reminds me of 2013 when The Associated Press was hacked with a tweet of "Breaking: Two Explosions in the White House and Barack Obama is injured" and erased $136 billion in equity market value:<p>Archive: <a href="http://archive.is/8lCMV" rel="nofollow">http://archive.is/8lCMV</a><p><a href="https://www.washingtonpost.com/news/worldviews/wp/2013/04/23/syrian-hackers-claim-ap-hack-that-tipped-stock-market-by-136-billion-is-it-terrorism/" rel="nofollow">https://www.washingtonpost.com/news/worldviews/wp/2013/04/23...</a>
Wouldn't it be possible to block this attack by flagging all tweets containing the Bitcoin address in question? I would've assumed that Twitter could do something like this, maybe even already set up an automated system.
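One way to implement the filter asked for here (and in the earlier comment wondering why tweets with the address are not simply blocked), as an added example that is not Twitter's code: scan tweet text for bc1 addresses, verify the BIP173 checksum so that typos and look-alike strings do not trip the filter, and hold any tweet carrying an address on a block list. It handles only bech32/bech32m (bc1) addresses, the form used in this incident; legacy base58 addresses would need a separate base58check routine. The block list, sample tweet and hold decision are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Bech32 alphabet from BIP173; it deliberately omits '1', 'b', 'i' and 'o'.
const bech32Charset = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

// Candidate bc1 addresses in free text (case-insensitive; mixed case is rejected below).
var bech32AddrRe = regexp.MustCompile(`(?i)\bbc1[02-9ac-hj-np-z]{6,87}\b`)

// bech32Polymod is the BIP173 checksum polynomial.
func bech32Polymod(values []int) int {
	gen := []int{0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3}
	chk := 1
	for _, v := range values {
		b := chk >> 25
		chk = (chk&0x1ffffff)<<5 ^ v
		for i := 0; i < 5; i++ {
			if (b>>uint(i))&1 == 1 {
				chk ^= gen[i]
			}
		}
	}
	return chk
}

// bech32HRPExpand spreads the human-readable part ("bc") into 5-bit groups.
func bech32HRPExpand(hrp string) []int {
	var out []int
	for _, c := range hrp {
		out = append(out, int(c)>>5)
	}
	out = append(out, 0)
	for _, c := range hrp {
		out = append(out, int(c)&31)
	}
	return out
}

// ValidBech32 reports whether addr carries a correct bech32 (segwit v0, constant 1)
// or bech32m (v1+, constant 0x2bc830a3) checksum. It does not decode the witness program.
func ValidBech32(addr string) bool {
	if addr != strings.ToLower(addr) && addr != strings.ToUpper(addr) {
		return false // mixed case is invalid under BIP173
	}
	addr = strings.ToLower(addr)
	pos := strings.LastIndex(addr, "1") // '1' is the separator; it is not in the charset
	if pos < 1 || pos+7 > len(addr) || len(addr) > 90 {
		return false
	}
	values := bech32HRPExpand(addr[:pos])
	for _, c := range addr[pos+1:] {
		d := strings.IndexRune(bech32Charset, c)
		if d < 0 {
			return false
		}
		values = append(values, d)
	}
	chk := bech32Polymod(values)
	return chk == 1 || chk == 0x2bc830a3
}

// FindBTCAddresses returns, lower-cased, every bc1 address in text whose checksum verifies.
func FindBTCAddresses(text string) []string {
	var found []string
	for _, m := range bech32AddrRe.FindAllString(text, -1) {
		if ValidBech32(m) {
			found = append(found, strings.ToLower(m))
		}
	}
	return found
}

// ShouldHold reports whether a tweet should be held for review because it carries an
// address on the block list, and which address matched.
func ShouldHold(text string, blocked map[string]bool) (bool, string) {
	for _, a := range FindBTCAddresses(text) {
		if blocked[a] {
			return true, a
		}
	}
	return false, ""
}

func main() {
	// Block list seeded with the address quoted throughout this thread.
	blocked := map[string]bool{"bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh": true}
	// Constructed sample tweet modelled on the scam text quoted in the thread.
	tweet := "All Bitcoin sent to the address below will be sent back doubled. bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh"
	hold, addr := ShouldHold(tweet, blocked)
	fmt.Printf("hold=%v address=%s\n", hold, addr)
}
```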
The title is inaccurate. The Twitter accounts hacked are <i>far</i> more important than just a couple of prominent cryptocurrency accounts.<p>Obama is in there, Jeff Bezos, Bill Gates and many other prominent people that have nothing to do with crypto.
All @apple tweets removed?<p><pre><code> @Apple hasn’t Tweeted
When they do, their Tweets will show up here.
</code></pre>
<a href="https://twitter.com/Apple" rel="nofollow">https://twitter.com/Apple</a>
Finally Twitter wakes up and Twitter Support tweets: "You may be unable to Tweet or reset your password while we review and address this incident."<p>Not clear who "you" is here: all accounts, or just verified or selected accounts?
I am sorry, but from either the article or the discussion here, I am not exactly clear what has happened. Can someone explain? Meaning, did the user accounts on Twitter get hacked, or the actual company websites? Or both?
Jeff Bezos just got hit as well:<p><a href="https://twitter.com/JeffBezos/status/1283508547897171969" rel="nofollow">https://twitter.com/JeffBezos/status/1283508547897171969</a>
They are posting to almost every other account, high profile or not. It's massive spam, too many users for it to be a password steal.<p>About the client: they are posting from accounts that have only used "Twitter for Web", or only used "Twitter for Mac", or only used "Twitter for iPhone"... in the past.<p>Updated accounts with the spam.<p><a href="https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh%20filter%3Averified&src=typed_query&f=live" rel="nofollow">https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p8...</a>
The BTC address used by the malicious actors has received ~13 BTC so far. That's around $120k in value at the time of me writing this comment.<p>Not sure if such a massive, simultaneous hacking operation makes sense for ~$120k worth of BTC. As other commenters mentioned, postmortem of this one should be interesting.<p><a href="https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh" rel="nofollow">https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...</a>
Worldwide, verified accounts are now disabled (they can favorite and retweet but not post messages), and I imagine that soon we'll see unverified accounts also being targeted.
Obama just tweeted out the same thing. It seems all of twitter has been hacked. The post mortem will sure be interesting. Also interested in how TWTR gets affected.
If you take a look at some of the transactions, you will see some interesting addresses like:<p>1JustReadALL1111111111111114ptkoK<p>1TransactionoutputsAsTexta13AtQyk<p>1YouTakeRiskWhenUseBitcoin11cGozM<p>1BitcoinisTraceabLe1111111ZvyqNWW<p>1WhyNotMonero777777777777a14A99D8<p>1forYourTwitterGame111111112XNLpa<p>Link: <a href="https://www.blockchain.com/btc/tx/67b814526ae6ee78a16059bfcfc06ed7768c92c58f3409367cb180627631ddbe" rel="nofollow">https://www.blockchain.com/btc/tx/67b814526ae6ee78a16059bfcf...</a>
Seems to me twitter should hire some humans to sit there and manually approve every tweet by all VIP accounts before they go live. How hard could that be? If that’s all they do you’re adding maybe a 30 second delay to every VIP tweet and you’re pretty much guaranteeing that this doesn’t happen again. Unless of course the hackers somehow inserted the tweet directly to the database and bypassing any such measures.
Oh wow, now they're doing multiple tweets/minute: <a href="https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh&src=typed_query&f=live" rel="nofollow">https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p8...</a><p>It might make sense for Twitter to redirect all non-retweets of that address to /dev/null (or a sandbox) for a little while.
I do not think it is hyperbolic at all that I immediately just felt the hand move a full minute towards midnight.<p>This is suspiciously underwhelming use of an exploit.
People who don't want scrutiny from their old tweets want an easy way to delete/wipe their tweets. There is a load of software out there that claims to do this. They all relatively take over the OAuth chain and do the needful. But one of them does it as if you were in your browser, so as to not give away information about the user's phone/type/version.
It's so easy for a Twitter user to use a later-compromised 3rd party app, only having to press a button to authorize the entire OAuth chain. Look at hosted packages or artifacts in Docker Hub, GitHub, Ruby, PyPI, etc. Malicious things like this are everywhere, dormant on systems until the right group can leverage them against end users. Imagine if TweetDeck was compromised.
Still going on as of this post time. Elon's just went off again.<p>Over 30ish minutes now. Holy shit, it's going to be fun to see the outcome of this.
I can't imagine some of those hacked people not having extremely good security habits. 2FA, long unique randomly-generated passwords not used anywhere else, and secured phones that would be hard to do a SIM swap on.<p>Which leads me to believe someone has really hacked Twitter in a bad way or there's someone on the inside helping them.
Hackers still actively tweeting out from everyone's accounts<p><a href="https://twitter.com/search?q=All%20Bitcoin%20sent%20to%20the%20address%20below%20will%20be%20sent%20back%20doubled&src=typed_query&f=live" rel="nofollow">https://twitter.com/search?q=All%20Bitcoin%20sent%20to%20the...</a>
Funnily enough, the Tweet made me immediately think whoever wrote it speaks French natively. In French grammar, there needs to be a space before any punctuation mark with exactly two parts (e.g. ":", "!", or "?"), and it's a common error for French natives to do the same in English.
My original comment was deleted, so I'll try this again.<p>I've read the comments here and quite surprisingly there are a lot of folks saying that the value of this hack isn't worth more than roughly one year's salary at Twitter (as an intern). I appreciate the pragmatism, but unlikely.<p>Anyone with this kind of exploit could have sold it, moved to Russia, and received immunity from extradition. Secondly, people should be scrutinizing any moron willing to give away thousands of dollars to billionaires for a promise of a 2x return. Especially in these times.<p>So, reason can only allow us to arrive at a most likely cause. That this was indeed an inside job. It was not about money. It was not a security flaw. But rather, it was simply a group of employees that were unhappy with Twitter allowing the federal government to investigate bad actors on the platform behind closed doors.<p>And here is why: <a href="https://www.scribd.com/document/467148777/DHS-Social-Media-Letter" rel="nofollow">https://www.scribd.com/document/467148777/DHS-Social-Media-L...</a>
I could imagine a fake tweet attributed to Trump that could immediately begin mobilization in other countries to prepare for war. There are several fake tweets from Bezos/Musk I could imagine that could credibly send the stock price of AMZN down by 10%, TSLA down by 50% in a matter of minutes.<p>Attacker(s) could profit immensely if they had leveraged short positions cleverly placed.<p>Users losing a few hundred thousand is getting off light considering the severity of this attack and how much worse it could have been.
According to Blockchain.com, more than $100,000 was received at that address about an hour after the first hack, which appears to have tricked more than 350 users. <a href="https://archive.vn/QOp4M" rel="nofollow">https://archive.vn/QOp4M</a>
This may be the last straw that tips politicians over into considering Twitter & co utilities - stuff that the gov has a say in running because failure is unacceptable to the public.<p>Not that I think the gov could do a better job, but that doesn't stop them elsewhere.
Here's an official update from Twitter: <a href="https://twitter.com/TwitterSupport/status/1283591844962750464" rel="nofollow">https://twitter.com/TwitterSupport/status/128359184496275046...</a>
The attacker already made over 5 BTC:<p><a href="https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh" rel="nofollow">https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...</a>
Looks like verified users can tweet again: <a href="https://twitter.com/TaylorLorenz/status/1283531947877294082" rel="nofollow">https://twitter.com/TaylorLorenz/status/1283531947877294082</a>
Instead of taking a screenshot, archive Tweets with <a href="https://archive.is/" rel="nofollow">https://archive.is/</a> before they disappear. (The Wayback Machine doesn’t work with Twitter due to robots.txt.)
Hackers still posting using Elon's account: <a href="https://twitter.com/elonmusk/status/1283520825782566912" rel="nofollow">https://twitter.com/elonmusk/status/1283520825782566912</a>
Some pics of the tweets: <a href="https://twitter.com/TheHackersNews/status/1283502081265950720" rel="nofollow">https://twitter.com/TheHackersNews/status/128350208126595072...</a>
Please be kind to the people that are working on this problem, right now, at Twitter and the countless hours that will need to go into remedying it.<p>Hopefully, an eventual post-mortem is gonna be juicy and then we can critique all we want.
What could have been the best prank of 2020 wasted on a bitcoin scam. If it were me, I'd try to start a war or two as the Ayatollah, or maybe make some unplanned celebrity Trump endorsements. Wasted potential.
and Obama <a href="https://twitter.com/BarackObama/status/1283515490653147139" rel="nofollow">https://twitter.com/BarackObama/status/1283515490653147139</a>
&gt; <i>At least some of the compromised accounts have multi-factor authentication enabled, including CoinDesk's.</i><p>Interesting. I wonder if it was an SMS hack, and if not, then a new kind of vulnerability?
Twitter support tweeted: "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly."
The screenshots seem to show accounts shadow-banned, something Twitter denied doing for years... I am referring to those labels showing banned from search, etc. Seems interesting.
Some reports that this was related to compromised OAuth tokens. How would someone know and what is the source of the compromise? A third party app that all of these accounts use?
It's really strange to claim it was "simultaneous" account hacking instead of Twitter being hacked. I guess all journalism today has 50% opinion in the middle.
These hackers are clearly amateurs. If you're going to post crypto scams on hijacked Twitter accounts you can't NOT include John McAfee's account. Seriously.
Imagine buying puts on TSLA and tweeting this from @elonmusk:<p>&gt; Stepping down from TSLA effective immediately. Focusing 100% on SpaceX. Life's short.<p>This could easily be worth $100m's.
Everyone here is suggesting a monetary motive. Maybe there's a political motive--someone who really hates Twitter or serves to benefit if Twitter suffers.
I wonder what the automated trading bots tracking these accounts did.<p>Will Twitter get sued by the people who fell for this scam? By the people who got hacked?
dang, if you would collapse all threads by default and only show/load top-level comments, you probably would not even need this performance workaround. On the first page of your performance workaround, there were only 4 top-level comments... probably fewer than 100 total, I would guess (for most posts).
All in all that looks like a poorly thought out attack. So much more could've been done than a crypto scam.<p>Considering the execution, it may be that this is some API 0day which does not show (or makes it hard to guess) which account messages are being posted from. How else would you explain neutral messages for all accounts when you could've personalised it per account to maximize efficiency?
How did they possibly steal Elon Musk's Twitter account? We need a post-mortem on this because if he can be phished, then we need to know how, and if it was some internal hack then I also need to know how. That's extremely scary!
A lot of people (rightly) pointing out that the actual exploit payload here is a horribly inefficient way to monetize such awesome power. Some of the replies say that influencing regulated markets would be traceable... sure, but trillions of dollars flow through these markets each and every day. A decently large options position accumulated over days wouldn't raise any red flags, and one tweet about the Fed raising rates on the back of strong employment + vaccine hope would have sent markets into a tailspin. The reality is that it would be much more difficult to identify bad actors than it is with public crypto addresses. And your money is clean at that point, part of the US financial system (or other tier 1 banking system).
Interesting how @Apple currently displays zero tweets at all.<p><a href="https://twitter.com/Apple" rel="nofollow">https://twitter.com/Apple</a>
I've seen the groundwork for this over the last 6-8 weeks, with 'people' (questionable-looking accounts) retweeting screenshots of similar-looking tweets purporting to be from Elon Musk, and other similarly fishy accounts going 'wow it really works' or the like. I noticed them showing up consistently in replies to Trump tweets, probably just because they get tons of engagement.
So, does no one think this was China doing a 'we can do what we want when we want' as a response to Trump's executive order the day before this happened? And if it is, would they be honest about the cause since that would require a response and likely an escalation?
Just imagine if Trump’s account were hacked to indicate that the US is launching a missile towards North Korea. Or maybe a message to encourage some kind of armed uprising in the US.<p>Hacking the right Twitter account could easily have massive life-and-death consequences. Isn’t that terrifying?
I find it fascinating that they didn't target @POTUS/@realDonaldTrump. I wonder if there are specific mechanisms in place to protect accounts that could, y'know, start WW3, that aren't rolled out to other blue checkmark accounts.
I don't think anyone appreciates how scary this is. A simple BTC scam or even market manipulation is one thing. Can you imagine the mass panic if there were one sombre tweet from Trump's account about a nuclear strike?
Related <a href="https://news.ycombinator.com/item?id=23853786" rel="nofollow">https://news.ycombinator.com/item?id=23853786</a>
I really HOPE the details of this hack become public, because this is huge. (I can already hear celebs who say dubious things trying to claim they were hacked.)
This must be a shot over someone's bow.<p>Edit: Or a trading play? That would have taken place while the markets were open, though. TWTR after-hours trading is off 3% on the news.
All Apple Tweets are now deleted<p><a href="https://twitter.com/apple" rel="nofollow">https://twitter.com/apple</a>
and now one scam alone
<a href="https://twitter.com/Apple/status/1283506278707408900" rel="nofollow">https://twitter.com/Apple/status/1283506278707408900</a>
I've never heard of Hacker News censoring comments that do not abuse the site guidelines, with rational opinions. This comment thread is being heavily censored. This fundamentally abuses the trust that users have put into this site.