Twitter’s Bitcoin hack: what happened and am I safe?

In July 2020, Twitter fell victim to one of the biggest hacks in social media history when several of the platform’s most famous accounts all started spreading a scam designed to trick users into handing over money. But what happened, and is your account safe?

What happened?

On 15th July, 2020, Twitter users were surprised to see some of its most famous users – including Barack Obama, Elon Musk, Joe Biden, Bill Gates and Jeff Bezos – all tweeting a similar offer: send them the cryptocurrency Bitcoin, and they’ll double it.

Sounds too good to be true? Unfortunately, it was. It didn’t take long for Twitter to realise it had been attacked, with the profiles of many prominent users accessed illegally to post the scam messages. Twitter said it had fallen victim to a “co-ordinated” attack which had targeted its employees “with access to internal systems and tools”.

In response to the attack, Twitter was forced to stop many verified accounts, marked with blue ticks, from tweeting, and temporarily suspended password reset requests while it tried to fix the problem. Within 24 hours, the site was largely back to normal. However, in the time that the tweets in question were online, hundreds of people were fooled into giving away more than $100,000 worth of Bitcoin. It is also unclear at the time of writing what other information the hackers were able to glean from the accounts themselves. Given the calibre and profile of the victims, data in the form of private correspondence could be very valuable.

How do I keep my account safe?

On this occasion, it seems that the hack used social engineering to target Twitter employees and gain access to a number of high-profile accounts. There is no suggestion that other accounts were compromised.

Twitter’s security policies, which include password protection and two-factor authentication, provide strong protection for most users. And if it detects a login from a new device that may not be yours, it sends an email notifying you so you can take action.

However, if you are concerned, or if it has been a while since you last changed your password, it’s a good idea to change it. This is very easy to do – simply go to the ‘settings and privacy’ tab, click on ‘account’ and then ‘password’ before following the on-screen steps.
