The US Federal Bureau of Investigation (FBI) is now leading a federal inquiry into the Twitter scam after hackers seized control of “approximately 130 accounts,” including those belonging to Jeff Bezos, Elon Musk, Barack Obama, Warren Buffett, Joe Biden, Kim Kardashian, and others, in a bitcoin-related scam, Reuters reported, citing two unnamed sources familiar with the matter.
“We are aware of today’s security incident involving several Twitter accounts belonging to high profile individuals. The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” said the FBI.
Before some of the most high-profile users were compromised, the emails linked to Twitter accounts went up for sale on gray market sites. While an email was up for $250 in digital currency, for $2,500, the buyer would get the account itself.
In theory, social media companies ban the sale of accounts, but an administrator at OGUsers, the account trading forum, told Reuters that the internet firms “pick and choose when to enforce that rule.”
Amidst this, Twitter has also stepped up the search for a chief information security officer.
The company meanwhile continues to lock accounts that had changed passwords in the past month but believes “only a small subset of these locked accounts were compromised.”
In a rare bipartisan agreement, both Democrats and Republicans say Twitter must explain how the security breach happened and what it is going to do to prevent future attacks.
“This hack bodes ill for November balloting,” U.S. Senator Richard Blumenthal said in a statement while scolding Twitter for “its repeated security lapses and failure to safeguard accounts.” Senate Commerce Committee chairman Roger Wicker requested more information on the hack.
President Donald Trump’s account was not jeopardized during the attack, said spokeswoman Kayleigh McEnany. The White House has been in “constant contact with Twitter over the last 18 hours” to keep Trump’s Twitter feed secure, she said.
Tracking the Money
Meanwhile, investigators are scouring for clues as those behind the security incident, which scammed $120,000 worth of BTC out of people, shift the funds around online accounts, creating a digital paper trail.
The attackers received a total of $121,000 from over 400 payments; the largest, $42,000, came from a Japan-based exchange, according to Elliptic, which helps law-enforcement agencies track crypto-related crime.
About $65,000 was quickly moved to other bitcoin addresses; $60,000 of this was directed to an address that has been active since May and has interacted with Coinbase and payment processors BitPay and CoinPayments, said Whitestream, a blockchain intelligence company.
BitPay confirmed this, and a spokesperson said, “Available details are being shared with appropriate parties including law enforcement.”
The funds initially collected in three bitcoin addresses have been moved to 12 new addresses, as per Elliptic.
The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has asked crypto exchanges and other financial institutions to report any suspicious activities related to the hack, in an advisory issued on Thursday. The New York Department of Financial Services will also investigate the incident, said New York Governor Andrew Cuomo.
According to cyber researchers investigating the issue, the motive behind the attack was bragging rights more than financial gains.
“This doesn’t look like a particularly sophisticated hacking group,” said Roi Carthy, the chief executive of Hudson Rock.
“Why go through all of the effort of stealing these credentials, just to make a few bucks.”
The Twitter accounts of crypto exchanges could have been used to torpedo the price of bitcoin, or the attackers could have made millions of dollars by shorting Tesla and sinking its price using Musk’s account. Carthy said,
“There are so many better ways to scam crypto than what they did.”
However, it also makes sense that they went with bitcoin, because the digital asset was the best-performing asset of the last decade and has been up over 135% since the March crash. It can also be used worldwide.