
Crypto scammers who perpetrated what could be the largest ever hack on Twitter were able to succeed because individual staff members had high-level access to user account information and the control systems of the popular social media platform.

The hackers were able to post tweets using the accounts of major figures including Barack Obama and Joe Biden to promote a fake bitcoin (BTC) giveaway which has so far swindled over 300 users out of $118,000, Cointelegraph reported.

In a series of tweets from Twitter Support on July 15, the help center of the social media platform confirmed that hackers responsible for the massive breach of high-profile figures’ accounts had conducted a “coordinated social engineering attack” to gain “access to internal systems and tools.”

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” Twitter Support said. “We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

The account reported the platform had taken “significant steps to limit access to internal systems and tools” as the breach is investigated.

The individual employee admin panels targeted in the hack have significant access to a variety of tools to control the affected accounts, including posting messages on their behalf and changing the verification phone number and email address.

Twitter user sniko_ posted screenshots which indicate the fraudsters may have changed the email address for verification for the Coinbase and Gemini accounts, as they were the same following the attack.

Coinbase and Gemini password reset screenshots

Vice’s Motherboard reported that Twitter was taking down user-posted screenshots of admin panels on the grounds that they violated the rules. Images showing access to several Twitter accounts revealed internal admin details including the number of strikes logged against each account, when the account was last accessed, which phone numbers were tied to it, and which email addresses were used for verification.

Screenshot of Twitter internal employee panel access to Binance account. Source: Motherboard

Reactions from Crypto Twitter

“Sounds bad that a Twitter developer can just login to my account and tweet anything, read my private stuff and all,” said Twitter user 1uc45MH. “If one of them freaks out they can tweet anything on anyone’s account.”

The stock market reacted similarly, despite it being closed for trading shortly after the hack was discovered. Twitter’s stock TWTR fell from $35.60 to $34.70, a drop of 2.5% in just 15 minutes. At the time of writing, the platform’s stock is priced at $34.52.

Chainalysis says scammed bitcoin is ‘on the move’

Chainalysis told CoinDesk it is monitoring four wallets associated with the attack.

The most prevalent address received $120,000 in bitcoin from 375 transactions. Secondary addresses received $6,700 in bitcoin from 100 transactions. An XRP wallet netted nothing.

So far, a wallet whose associations are not yet known has received 5 bitcoin ($46,055) in total. “We are collaborating with our customers to find leads from this wallet,” Chainalysis spokesperson Maddie Kennedy said.

Part of the scam relied on hackers churning their own crypto between wallets to inflate the number of people who appeared to be chipping in, according to Chainalysis. The firm called the tactic “unsurprising.”

A Japanese wallet that sent scammers $40,000 in bitcoin appears to have been the single largest victim of the still-unexplained hack. International exchanges were generally the source of victims’ bitcoin, Chainalysis said.

No BTC has been cashed out to fiat just yet, the crypto-sleuthing firm added.

Chainalysis has its eyes on four addresses associated with the hack.