Twitter hack hits Elon Musk, Obama, Kanye West, Bill Gates and more in Bitcoin scam

The site says the sprawling hack was the result of a "coordinated social engineering attack" on its employees.

Ry Crist Senior Editor / Reviews - Labs
Originally hailing from Troy, Ohio, Ry Crist is a writer, a text-based adventure connoisseur, a lover of terrible movies and an enthusiastic yet mediocre cook. A CNET editor since 2013, Ry's beats include smart home tech, lighting, appliances, broadband and home networking.
Expertise Smart home technology and wireless connectivity Credentials
  • 10 years product testing experience with the CNET Home team
Queenie Wong Former Senior Writer
Queenie Wong was a senior writer for CNET News, focusing on social media companies including Facebook's parent company Meta, Twitter and TikTok. Before joining CNET, she worked for The Mercury News in San Jose and the Statesman Journal in Salem, Oregon. A native of Southern California, she took her first journalism class in middle school.
Expertise I've been writing about social media since 2015 but have previously covered politics, crime and education. I also have a degree in studio art. Credentials
  • 2022 Eddie award for consumer analysis
Ry Crist
Queenie Wong
5 min read
Screenshot of Elon Musk's Twitter feed with Bitcoin scam message
Enlarge Image
Screenshot of Elon Musk's Twitter feed with Bitcoin scam message

The Bitcoin scam as it appeared on Elon Musk's Twitter feed.

Screenshot by Chuck Reynolds/CNET

Bitcoin scammers targeted the Twitter accounts of Elon Musk , Bill Gates , Kanye West , Barack Obama and other famous tech executives, entertainers and politicians on Wednesday in what appears to be a large-scale hack. Apple, Uber and other businesses were also caught up in the sprawling hack, which Twitter later attributed to a social engineering attack on its employees.

Twitter accounts with millions of followers seemed to have been compromised, raising concerns about whether the company is doing enough to protect the security of its users. While cryptocurrency scams aren't a new problem for Twitter, the size of Wednesday's attack is unusual. 

"I'm feeling generous because of Covid-19," a now-deleted tweet from Musk's account reads. "I'll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!"

Similar tweets were sent through the Twitter account belonging to Gates, the billionaire philanthropist and Microsoft co-founder. "I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000," the tweet, which was deleted, read.

Enlarge Image

This is the scam tweet sent from Bill Gates' account. (The Bitcoin address has been removed from this screenshot.)

Screenshot by Ian Sherr/CNET

The scam tweets would periodically vanish, only to reappear minutes later. 

A spokesperson for Gates confirmed the tweet wasn't sent by the billionaire.

"We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account," the spokesperson said in a statement. 

Obama's account tweeted a message similar to the one shared by the Musk and Gates accounts. In a tweet sent to his 120 million followers, Obama's account tweeted that the former president was giving back because of the novel coronavirus and that he would double all bitcoins sent to his address for the next 30 minutes.

It wasn't immediately clear how the hack was conducted or how many accounts were impacted, although Twitter did provide an update late Wednesday, indicating that while its investigation into the hack was ongoing, the company had determined it to be the result of a "coordinated social engineering attack."

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," Twitter said in a tweet.  (For tips on how to secure your Twitter account, see this CNET story.)

But for the hack's first two hours, Twitter didn't have a handle on the incident. In a tweet, the company said some users might not be able to tweet or reset their password as they reviewed and tackled the problem. Twitter also began removing tweets of screenshots showing internal tools that were possibly used in the attack.

Twitter CEO Jack Dorsey tweeted Wednesday evening that it was "a tough day for us at Twitter" and promised to share the company's findings when it completed its diagnosis of the hack.

Some users who tried to tweet got an error message, saying this appeared to apply only to verified users with "blue checks."

"This request looks like it might be automated. To protect our users from spam and other malicious activity, we can't complete this action now. Please try again later," the message read. Twitter didn't respond to questions about whether only verified accounts couldn't tweet. 

Twitter has now removed this restriction. Users with verified accounts are now able to tweet again, but Twitter Support stated that functionality may "come and go."

"We're working to get things back to normal as quickly as possible," the tweet read.

The scam tweets end with a link pointing to where unsuspecting readers can send bitcoin. As of Wednesday afternoon, a spot check of the BTC address from the tweets shows a total received of 12.30776555 BTC, or roughly $113,572.

The Wednesday hack isn't the first time that Twitter accounts have been compromised by scammers. In 2018, hackers took control of the verified Twitter accounts of Target and Google's G Suite. In that attack, hackers exploited a third-party marketing service, not its own system, according to the company. 

Even Dorsey hasn't been immune from hacking. In 2019, Dorsey's account was compromised and the hackers tweeted out sexist, racist and anti-Semitic comments. Twitter said there was a security issue with Dorsey's mobile provider that allowed the hackers to compose and send tweets from his account via text message. In a tactic known as SIM swapping, a hacker bribes an employee of a mobile provider to get them to switch the numbers tied to the SIM card. That allows them to bypass security measures such as two-factor authentication. 

Politicians urged others not to fall for the Bitcoin scam, and some reached out to Dorsey for answers. Shortly after the hack occurred, Sen. Josh Hawley, a Republican from Missouri, asked Dorsey in a letter to respond to questions such as whether the attack threatened the security of President Donald Trump's account and its impact on the security of other users.

"I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself," he said in the letter.  "A successful attack on your system's servers represents a threat to all of your users' privacy and data security."

On Thursday, Sen. Edward Markey, a Massachusetts Democrat, called on Twitter to explain how the hack happened.

"While this scheme appears financially motivated and, as a result, presents a threat to Twitter users, imagine if these bad actors had a different intent to use powerful voices to spread disinformation to potentially interfere with our elections, disrupt the stock market, or upset our international relations," Markey said in a statement. "That is why Twitter must fully disclose what happened and what it is doing to ensure this never happens again."

Musk and Gates weren't the only high-profile accounts that appear to have been compromised. Scammy tweets were seen in the feeds for fast food chain Wendy's, Democratic presidential candidate Joe Biden, philanthropist Warren Buffett, musician Wiz Khalifa, Amazon CEO Jeff Bezos and celebrity Kim Kardashian. Scammers also appear to have targeted athletes, such as former professional boxer Floyd Mayweather, and even a popular parody account for God, along with cryptocurrency businesses.

"ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED," tweeted Cameron Winklevoss, co-founder of the Gemini cryptocurrency exchange. "We are investigating and hope to have more information shortly."

"WARNING: @Gemini's twitter account, along with a number of other crypto twitter accounts, has been hacked," added Tyler Winklevoss, echoing his twin brother and Gemini co-founder's concern. "This has resulted in @Gemini, @coinbase, @binance, and @CoinDesk, tweeting about a scam partnership with CryptoForHealth. DO NOT CLICK THE LINK! These tweets are SCAMS."

Tesla didn't immediately respond to a request for comment. In the US, #hacked was trending along with Bitcoin and #twitterhacked.