Twitter releases statement about crypto scam hack, keeps affected users locked out

Twitter has released an official statement on the hack that saw some of the biggest accounts on the platform pushing a bitcoin scam.

On Wednesday, verified accounts including Barack Obama, Joe Biden, Elon Musk, Jeff Bezos, Kim Kardashian, and Kanye West were hacked to tweet links to a bitcoin address, promising that anyone who transferred BTC would have multiples of that amount sent back. 

Verified accounts were prevented from tweeting (though not from retweeting) for over two hours while Twitter sought to secure the breaches, to the amusement of unverified users.

Just after 7.30 p.m. PT, Twitter released the following statement via a thread by its official @TwitterSupport account:

Our investigation is still ongoing but here’s what we know so far: 

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it. 

Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this. This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do. We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. 

Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.

While the scam itself was worrying enough — the account raked in tens of thousands of dollars — the much bigger concern is, of course, that the Twitter accounts of some of the richest and most influential people on earth could be simultaneously compromised and hijacked with such apparent ease. 

CEO and co-founder Jack Dorsey tweeted about the crisis earlier on Wednesday evening, hinting at just how rough an afternoon it had been for the team but stopping short of an apology.

Tough day for us at Twitter. We all feel terrible this happened.

We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.

? to our teammates working hard to make this right.

— jack (@jack) July 16, 2020

Twitter product lead Kayvon Beykpour tweeted an apology, promising more information to come.

Our investigation into the security incident is still ongoing but we’ll be posting updates from @TwitterSupport with more detail soon. In the meantime I just wanted to say that I’m really sorry for the disruption and frustration this incident has caused our customers. https://t.co/j5gQCr5Of7

— Kayvon Beykpour (@kayvz) July 16, 2020

This is a developing story…