All: don't miss that there are multiple pages of comments. The top few subthreads have become so large that they fill out the first page entirely. You have to click 'More' at the bottom to see the rest, including a lot of the newest posts. Or use these links:

https://news.ycombinator.com/item?id=23851275&p=2

https://news.ycombinator.com/item?id=23851275&p=3

https://news.ycombinator.com/item?id=23851275&p=4

Edit: also, there's a related thread tracking the BTC transactions here: https://news.ycombinator.com/item?id=23851542.

In general, look for More links at the bottom of big threads. This is a performance workaround that we're hoping to drop before long, but in the meantime there's a limit of 250 or so comments per page.

Given how huge this hack is, and how little the BTC reward is going to be, I'm tempting to think this is either:

- a test of a new hacking system

- a demonstration to a big client

- a first shot to threat some entity

- a diversion while they get the real loot

And that the BTC messages are just a way to justify it so it looks like a simple scam.

Such a hack is worth way, WAY more than the few BTC it could bring.

With so many accounts compromised, the hackers might actually have full access to Twitter's backend. The postmortem would be very interesting. I'll be looking forward to it.

Imagine if the hackers timed the intrusion during github outage, and twitter's employees can't deploy a fix for the exploit fast enough because github was down!

Tweet from TwitterDev team yesterday:

https://twitter.com/TwitterDev/status/1283068902331817990

> 2 days to go… #TwitterAPI

https://twitter.com/TwitterDev/status/1283433096780677122

> Thank you to all of you who have engaged with us and shared your feedback. Your input has been vital, and we’re committed to continuing these conversations with you. There’s so much more we’re doing to build a better #TwitterAPI… and Early Access is coming tomorrow!

Were they supposed to launch some new API tomorrow which got hacked?

Elon Musk as well. Tweets still up, saying "Feeling greatful, doubling all payments sent to my BTC address!

You send $1,000, I send back $2,000! Only doing this for the next 30 minutes."

As of now, 121 people have sent cash totally more than 2.5BTC.

Edit: Just seen @BillGates compromised as well, same bitcoin account.

Edit 2: Elon's tweet seems to be getting removed, and then reposted again shortly after. About $40k sent so far.

Edit 3: Interesting to watch - on both accounts, tweets seem to be deleted and then reappear as pinned a few mins later.

Just what kind of an operation is Twitter running here? It seems crazy that they don't have any kind of anti-abuse system in place that could just block tweets with this specific Bitcoin address or possibly tweets matching the regexp of any Bitcoin address. I.e. limit the damage and buy a couple of hours while they try to find the root cause.

(Yes, yes, staged rollouts. But anti-abuse systems don't work by those rules, at least in emergencies.)

Twitter should suspend the entire platform until they can credibly fix this and prevent it in the future. An attacker could drop AMZN stock by 10% in minutes with just the wrong tweet from Bezos.

Verified Twitter user here: Locks [1] are in place, attempting to tweet throws an error: Something went wrong, but don't fret -- let's give it another shot.

At the bottom of the page, a notification appears: This request looks like it might be automated. To protect our users from spam and other malicious activity, we can't complete this action right now. Please try again later.

[1] https://twitter.com/TwitterSupport/status/128352640014683751...

Direct Messaging is still functional as of 523PM PDT.

Your site is getting hacked, you don't know how the hackers are doing it, what do you do ops wise? Take the whole site down for a few hours? Because the entire platform is compromised, how do you handle that?

So many accounts are affected, this seems to be a system-level hack rather than a compromise of individual accounts.

Someone has found a way to post a tweet from any account they like?

Kudos to Coinbase- I tried sending a small amount to the account after seeing Elon Musk's tweet, and Coinbase prevented the transaction from occurring.

Uber has been hacked as well. At this point, they can get any high profile Twitter user.

EDIT: You know this is a coordinated Twitter hack when they have Apple's account hacked [0]. https://twitter.com/Apple/status/1283506278707408900

Watch this turns out to be a JS dependency tree problem from some library that was compromised months ago in some NPM module, used in the twitter web interface.

Place your bets, phishing or bug exploit. Some of these targets are too high profile to all fall for it and probably have teams that manage these accounts securely. Edit: 2fa was bypassed, interesting. https://twitter.com/tylerwinklevoss/status/12834920178892595...

Initial postmortem: https://twitter.com/TwitterSupport/status/128359184496275046...

Seems to be a social-engineering attack on Twitter staff.

I'm flabbergasted they haven't just hit the panic button and shut everything down.

Unless, perhaps, they can't.

https://twitter.com/TwitterDev/status/1283068902331817990

Hmm.

What blows my mind is how does Twitter not have a "maintenance" mode -- where no new tweets can be posted and the site is essentially read-only?

A lot of people are asking “why a bitcoin scam?”

From what we know right now, targeted accounts had their emails and 2FA reset via an admin tool. These attacks were noisy, so the window of opportunity for the attacker was small. The attack was launched after hours, likely to limit the chance that the compromised Twitter employee would be around. So market manipulation wasn’t really a great option.

This was basically a “smash and grab” style attack, which makes sense given the noisy nature of the access. I wouldn’t be surprised if Twitter’s admin tool purposely doesn’t allow employees to silently access accounts.

Loads of accounts still tweeting it in realtime. Follow it live: https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p8...

This is what happens when you put all of your communication eggs into a single basket.

Twitter needed to be taken down a couple of pegs. I think accounts of a high enough profile may want to closely examine the ActivityPub ecosystem.

Bezos now, too!

https://twitter.com/JeffBezos/status/1283508547897171969

Is it just me, or does this seem suspiciously poorly thought out? Perhaps there is a second stage involving stock plays. The BTC thing might be a diversion.

Or we are incredibly lucky and the exploit was found by people with really bad foresight and imagination.

Partial list of hacked accounts here, https://twitter.com/Justin12393LEE/status/128349844588658688...

Mentions: - Bitcoin - Coinbase - BINANCE - CZ_Binance - Gemini - Kucoin - Gate .io - Coindesk - Tron - Justin Sun - Charlee Lee

The attack is ongoing. Why haven't they

1) shut down api endpoints 2) locked down all verified accounts 3) blocked any tweets with the btc address in them 4) make a statement if they really can't stop it?

There's a Web Archive link[0] for anyone curious.

It looks like this was pretty successful for the hacker. At the time of writing they received ~3.1 BTC, or ~$29k in USD[1].

Edit: Replaced [1] with a site that appeared to have less trackers according to Privacy Badger.

[0]: https://web.archive.org/web/20200715202030/https://twitter.c...

[1]: https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...

There is definitely a big red button at Twitter that somebody should have pressed an hour ago.

Twitter is seriously out of control.

They should have pulled the plug an hour ago, and that plug pulling should have been automated.

If this were something even more sinister a whole country could have plummeted into chaos, death, destruction.

This is the earliest non-deleted tweet I've found referencing the bitcoin address (or rather, noticing that an account got hacked). It was sent at 12:23PM Pacific time (more than 1.5 hours ago): https://twitter.com/lawmaster/status/1283481418518208513

Still going on. https://twitter.com/BillGates/status/1283503731682811907 What a disaster this stuff. Wonder how it was done.

This is going to be a hilarious postmortem. If we ever see it.

My wild, unfounded conjecture: the attacker discovered this recently and had only a short, fixed time window in which to run a scam. Maybe the time before some maintenance update? So none of the more sophisticated approaches (like selling to the highest bidder or manipulating some stocks) were practical before the vulnerability would be repaired. If you imagine short notice and a couple-hour window when US markets were closed, are alternative hacks really that much more lucrative?

Everyone say a prayer for Twitter engineers trying to fix this tonight

WTF. I'm baffled. How have they not either

* thrown the site in read only mode OR

* taken the entire site down

Until they can fix the security vulnerabilities. That would be better than what is happening now.

Okay here is my mostly baseless conspiracy theory:

As many others have noted, access to the compromised accounts is worth several orders of magnitude more money than the hackers were able to extract using this naive bitcoin scam. Whether it's used to manipulate markets or just resold, the hack is probably worth millions or tens of millions. Is it plausible that hackers who could coordinate and execute this kind of a breach would not know how to maximize the value of the hack and would instead opt for a really naive and not especially lucrative BTC scam?

It is also pretty common knowledge that the activist investor hedge fund Elliott Management has wanted Jack Dorsey removed as Twitter's CEO for quite some time. What if the BTC scam is a cover for corporate espionage? What if the purpose of the hack was actually to make Dorsey look incompetent in the most public way possible, and possibly turn many influential public figures against Twitter? Elliott Management has the resources to finance a breach like this as well as the motive.

An alternate theory would be that this actually was a form of market manipulation -- manipulation of Twitter's share price.

for 15 minutes society was perfect, i felt invigorated and had the ability to dream new dreams, and we were all loving friends. and then the blue checks came back.

Is the attack now changing usernames to the BTC address or are these people just trolling?

https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p8...

I'm honestly surprised that Twitter doesn't have some sort of circuit breaking for such gigantic attack towards major accounts. It's a PR nightmare that a circuit breaker would help a bit with, no?

Obama https://twitter.com/BarackObama/status/1283515490653147139

Also: - Musk - Bill Gates - Apple - Uber - Jeff Bezos - Joe Biden - MrBeast

Seems like the hacker has got 100% access to Twitter's backend and is just not able to decide whom to attack next!

One after another big handles getting hacked!

Collection till now has crossed 12 BTC (https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...)

It would be incredibly irresponsible if there isn't a team at Twitter right now working to bring the whole site down.

It's one thing going after a couple celebrities and CEOs, but they've now hit a former US President and a current Presidential candidate.

I posted this here and it got flagged.

https://twitter.com/asculthorpe/status/1283501026281127937

Try to warn people and you get slammed for it.

Ugh.

Could this be related to the Executive Order POTUS signed yesterday on Hong Kong Normalization?

https://www.whitehouse.gov/presidential-actions/presidents-e...

That's really light in details, TC has more juice about the situation IMHO: https://techcrunch.com/2020/07/15/twitter-accounts-hacked-cr...

The wallet that the hacker who got Elon posted has been given 5.7 BTC and counting: https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...

This must be a twitter exploit. Just too many high profile accounts have been pushing out scams at the same time.

I have a question to ask you all. If I wanted to study things to get to the point where internally/externally I could coordinate a hack of this magnitude, what things do I need to study? What are the technical things needed to pull something like this off? What are the social corporate things I needed to know to pull this off? I know that we don't have specifics, but I'm asking as a pure academic exercise how much I'd need to know to pull this off, and how to get away with it too.

Lots and lots of crypto accounts hacked. Either Twitter is hacked or some automated tweeting system has a 0day.

This raises so much questions about Tech giants security. If they could do this manipulating elections or so much power with one system.

"Security is Myth."

Wonder if this could have been done by a rogue employee at Twitter? Since they are working from home during COVID, wonder what internal controls they have? I know some wondered if they used serveral high profile accounts, why not the presidents then? Well Twitter put extra protections on his account after an employee on their last day decided to suspend his account for 11 minutes. So if this isn't an hack and done internally that might be a clue.

I was surprised Apple especially got their account hacked, since they are big on security as a company. I know with Facebook a page can have multiple person accounts managing it, but I don't believe Twitter ever had such a thing unless more recently... So if you want multiple people to manage an account you'd use a special tool or just share the login info between your social media team.

I kinda feel like if you have to commute to an office, maybe more accountability as I'd feel someone might be looking more over your shoulder but I'd depend if someone gets private offices or a more open office design.

Posts stopped for the other btc address (bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh)

Here's a tweet from KimKardashian, for a different BTC address (bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w39l) https://twitter.com/KimKardashian/status/1283523054874877953

With the way that Elon tweets normally, someone could have done a lot of damage before anyone realized. Luckily markets have closed already.

It's amusing that this is so successful only because of all the people posting their triumphant screenshots of success in losing all their money.

All it takes is 100 gullible people to net $100k, and there's a lot more than 100 gullible people on Twitter.

And it all happened in the span of 20 minutes. Can we expect any better response in the hopes of preventing this next time assuming all the accounts are hacked already? Or does the nature of realtime media and hundreds of bored eyes sitting on wads of cryptocurrency getting to it first mean it's just game over?

I remember the golden days of messing up people's lives over digital terminals, where the most they'd do was wipe your harddisk or warn the user of something vaguely ominous on the third Tuesday of April like "the Reaper's gonna get you" or play an 80's Top Ten number rendered through the PC speaker all of the sudden scaring you to death.

From here on out it's always going to be about money, and to me that's just boring and sad.

Should Twitter start supporting cryptographically signed messages? In any case, I wonder about the legal ramifications of this kind of event, for Twitter and for the individuals that have been hacked.

It's a very very loud attack, no doubt. But how sophisticated it's? Probably not as much as many think. As early reports suggest the attack was done via a stolen employee's token, it suggests the attacker has access to the employee's web browser. Potentially some malware extension that silently sniffs traffic to twitter?

Has Twitter's forever WFH policy resulted in this Zero Day Vector or Whatever it is! Which has resulted in Hacking of So many big Accounts and Bitcoin Scam?

So far people have sent:

Transactions 253

Total Received $101,539.14

Link to address:

https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...

All of Apple's tweets are gone

https://twitter.com/Apple

So Twitter's killswitch is that verified accounts cant tweet any more...

Vive la plebs!

https://twitter.com/brandontwall/status/1283525485440503811

Hours in, seems the vulnerability was not yet patched but simply blue-checks had posting rights pulled. Only non-verified accounts have been posting the wallet key for a while now (search new to find them).

I know it's easy to judge from afar but I can't believe they're leaving the site up during this.

The domain associated with first round of tweets wasn't anonymized.

Could be a setup https://twitter.com/jfbsbnix/status/1283487977591767041

Or maybe a dodge https://twitter.com/verretor/status/1283506654521094146

This is looking really bad, I wonder what they used to get access to all these high-profile accounts?

It's worth noting these types of blackhat crypto scammers make millions a year from this already, but this is definitely making it a lot worse.

EDIT: Still going on after 30+ minutes, seeing people like Bill Gates tweet crypto scams still. Amazed they got all the crypto exchange too.

And it's not just Bitcoin, they got RIpple too and posted XRP addresses.

Why is twitter optimizing uptime instead of trust?

Trying to figure out why would they let such a massive hack play out for over an hour instead of pulling the kill switch.

I have a couple of services that run on twitter API and they have all been suspended in the last half hour. They are definitely in damage control mode.

Recent update: "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."

https://twitter.com/TwitterSupport/status/128359184646423347...

Shameless plug: All the companies(Google, Microsoft...) are telling trust us. But, I believe that we should trust us instead of relying on third parties. They always change when businesses interest changes. This is where web3 is coming to play. Technologies like IFFS, safe network are coming. Looking at the scale issue, I guess this web3 takes at least 5 more years. But, this kind p2p technology is possible with small-scaled mesh. Mesh networks within our devices or families. From the beginning, I hate the idea of storing passwords in the third-party password manager. Later, I fell into the same trap because a managing lot of passwords is difficult. So, I building an open-source p2p password manger. Replicates the passwords within your devices, instead of storing everything at the vendor's cloud. It's half-way for the closed beta release. I would like to hear everyone's feedback on this idea.

Thanks

Seems like they reposted it on the cash app account. This time it’s a different address.

New Address: bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w9l https://mobile.twitter.com/CashApp/status/128352200769559757....

Isn't it obvious? All the hacked accounts were fake accounts from the start managed by twitter employees who fill them with content every day to simulate an active social network. The hack just revealed that Twitter in fact rules the world and all these other companies, billionaires and celebrities simply don't exist.

Imagine for a moment that this ends up being something state-sponsored or that twitters entire DB gets dumped, private accounts and all.

This could have a profound impact on governments who want to target dissidents if somebody for example, only felt comfortable criticizing their government from a protected account...

My bet is on one of those social media managers like Hootsuite/Social Blade/Buffer getting hacked.

Btc address in the explorer to see how much was deposited https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...

Whoever hacked Twitter today definitely got major access to their backend: https://twitter.com/whoisjuan/status/1283502962103455744?s=2...

I was thinking the other day about a digital signature for limited character tweets.

Provided I’m not a cryptography expert and you should explore my ideas with caution, why not even just sign every tweet with an ed25519 signature? It’s on 64 bytes tacked onto the message and easy to verify...

About $110k in the address. Honestly not that impressive for a hack of this scale. I wonder what they could have gotten if they reported this for a bug bounty instead.

Or as Matt Levine said, "if I got Elon Musk's twitter password I'd wait until market hours to use it."

This reminds me of Colin.

Back in 2013 when I was working at Sky News, the person responsible for the social media accounts (with millions of followers in total) stormed into a meeting: "Our Twitter account has been hacked".

This was at a time when many high-profile news Twitter accounts were hacked by so-called "electronic armies" who published damaging tweets. However in our case it was a single obscure "Colin was here" tweet.

We had recently built an internal endpoint in one of the backend apps that takes a string and publishes it straight to the main breaking news Twitter account. This was integrated with a custom UI tool that the news desk people used to quickly break a story across TV, Twitter, the website etc with one click.

I had a suspicion that this endpoint was how that tweet was published, but could not prove it. Many thoughts were going through my head.. “is this an internal job, or did someone hack our backend system and somehow figured this out etc.. “

We quickly returned to our desks, and straight away I greped our logs for "tweeting" as I developed that feature and was sure we logged that when the endpoint is called, but in the heat of the moment forgot that to “-i” as it the log message actually contained "Tweeting" (which cost us a few minutes). In the meantime there was panic around the business, people were putting out PR statements just in case it was a real hack, the tweet was deleted etc.

Finally, with help from colleagues, we tracked down a "Tweeting" log message around the same time the tweet was published along with the HTTP request source IP, and traced it (just like in movies) to our secondary news studio in Central London. This is when one of the managers shouted "I know a Colin who works there, he's a testing team manager!".

We gave Colin a ring to understand what was going on, he had no idea about any of this but said he was doing some DR testing earlier of all tools that editors use, and wasn’t really aware this would go out. As you can imagine, it could have been much worse.

The entertaining bit was the 30 minutes of fame this mysterious Colin enjoyed on the internet, where many people were worried about the welfare of "Colin", and it was picked up by various [1] news [2] websites.

[1] https://www.buzzfeed.com/lukelewis/an-important-history-of-t... [2] https://www.buzzfeed.com/lukelewis/an-important-history-of-t...

Archive of Elon's tweet https://web.archive.org/web/20200715203559/https://twitter.c...

Why isn't twitter taking its infrastructure down?

This "send me btc to send you more btc"scam has been happening for the past few months and Charles Hoskinson (https://twitter.com/IOHK_Charles), founder of the Cardano blockchain was warning about this issue for a while, he mentioned his team was trying to get in touch with twitter and youtube to stop this and these companies have let this slide for a while.

[edit]

some are wondering if this is some type of money laundering scheme https://twitter.com/nktpnd/status/1283521742602940420

Strange coincidence tweet by Jack Dorsey from last evening:

https://twitter.com/jack/status/1283169859233214465

> #bitcoin @BubbaWallace

> “I am giving back to my fans. All Bitcoin sent to my address below will be sent back doubled.”

So Twitter is the real-life Jita local chat? Does this also mean BTC is as meaningless as ISK, that people are willing to gamble it on a doubling scam?

This reminds me of 2013 when The Associated Press was hacked with a tweet of "Breaking: Two Explosions in the White House and Barack Obama is injured" and erased $136 billion in equity market value:

Archive: http://archive.is/8lCMV

https://www.washingtonpost.com/news/worldviews/wp/2013/04/23...

Wouldn't it be possible to block this attack by flagging all tweets containing the Bitcoin address in question? I would've assumed that Twitter could do something like this, maybe even already set up an automated system.

Twitter support thread: https://twitter.com/TwitterSupport/status/128359184496275046...

The title is inaccurate. The Twitter accounts hacked are far more important than just a couple of prominent cryptocurrency accounts.

Obama is in there, Jeff Bezos, Bill Gates and many other prominents that have nothing to do with crypto.

All @apple tweets removed?

    @Apple hasn’t Tweeted
    When they do, their Tweets will show up here.

Pics of tweets: https://twitter.com/TheHackersNews/status/128350208126595072...

Finally Twitter wakes up and Twitter support tweets: "You may be unable to Tweet or reset your password while we review and address this incident."

Not clear who is You here, all accounts are just verified or selected accounts.

I am sorry but either from the article or discussion here, I am not exactly clear what has happened. Can someone explain ? Meaning did the user accounts on Twitter got hacked or the actual company websites ? Or both ?

Elon Musk again - https://twitter.com/elonmusk/status/1283520825782566912

Jeff Bezos just got hit as well:

https://twitter.com/JeffBezos/status/1283508547897171969

They are posting to almost every other account, high profile or not. Its a massive spam, too much users to be a password steal.

About the client, they are post from accounts that have only used "Twitter for Web" or only used "Twitter for Mac" or only used "Twitter for iPhone"... in the past

Updated accounts with the spam.

https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p8...

Multiple folks on Twitter saying all verified accounts have been locked.

The BTC address used by the malicious actors has received ~13 BTC so far. That's around $120k in value at the time of me writing this comment.

Not sure if such a massive, simultaneous hacking operation makes sense for ~$120k worth of BTC. As other commenters mentioned, postmortem of this one should be interesting.

https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...

Obama too:

https://twitter.com/BarackObama/status/1283515490653147139

Listing some out that I've seen:

@Apple @Uber @elonmusk @kanye @MikeBloomberg @JoeBiden @WarrenBuffet @wizkhalifa @BarackObama @JeffBezos @MrBeastYT @FloydMayweather @LuckyovLegends @xxxtentacion

Worldwide verified accounts are now disable (can favorite and retweet but not post messages), and I imagine that soon we'll see unverified accounts also being targeted.

Obama just tweeted out the same thing. It seems all of twitter has been hacked. The post mortem will sure be interesting. Also interested in how TWTR gets affected.

If you take a look at some of the transactions, you will see some interesting addresses like:

1JustReadALL1111111111111114ptkoK

1TransactionoutputsAsTexta13AtQyk

1YouTakeRiskWhenUseBitcoin11cGozM

1BitcoinisTraceabLe1111111ZvyqNWW

1WhyNotMonero777777777777a14A99D8

1forYourTwitterGame111111112XNLpa

Link: https://www.blockchain.com/btc/tx/67b814526ae6ee78a16059bfcf...

Seems to me twitter should hire some humans to sit there and manually approve every tweet by all VIP accounts before they go live. How hard could that be? If that’s all they do you’re adding maybe a 30 second delay to every VIP tweet and you’re pretty much guaranteeing that this doesn’t happen again. Unless of course the hackers somehow inserted the tweet directly to the database and bypassing any such measures.

Oh wow, now they're doing multiple tweets/minute: https://twitter.com/search?q=bc1qxy2kgdygjrsqtzq2n0yrf2493p8...

It might make sense for Twitter to redirect all non-retweets of that address to /dev/null (or a sandbox) for a little while.

I do not think it is hyperbolic at all that I immediately just felt the hand move a full minute towards midnight.

This is suspiciously underwhelming use of an exploit.

People who don't want scrutiny from their old tweets want an easy way to delete/wipe their tweets. There are a load of software out there that claim to do this. They all relatively take over the oAuth chain, and do the needful. But one of them does it as if you were in your browser. As to not give away information about the user's phone/type/version.

It's so easy for a Twitter user to use a a later compromised 3rd party app, only having to press a button to authorize the entire oauth chain. Look at hosted packages or artifacts in dockerhub, GitHub, ruby, pypi, etc. Malicious things like this are everywhere, dormant on systems until the right group can leverage against end users. Imagine if tweekdeck was compromised.

Still going on as of this post time. Elon's just went off again.

Over 30ish minutes now. Holy shit, it's going to be fun to see the outcome of this.

So, has twitter deleted all the bogus tweets at this point? I have clicked on multiple links just to see a bunch of context-less replies.

I can't imaging some of those hacked people not having extremely good security habits. 2FA, long unique ramdom-generated passwords not used anywhere else, and secured phones that would be hard to do a SIM swap on.

Which leads me to believe someone has really hacked twitter in a bad way or there's someone on the inside helping them.

Hackers still actively tweeting out from everyone's accounts

https://twitter.com/search?q=All%20Bitcoin%20sent%20to%20the...

Funnily enough, the Tweet made me immediately think whoever wrote it speaks French natively. In French grammar, there needs to be space before any punctuation with exactly two parts (e.g. ":", "!", or "?"), and it's a common error for French-natives to do the same in English.

Just imagine if they have to shutdown twitter momentarily —- it has been a long time since the last big fail whale

I'm guessing use of 2FA internally could have prevented this intrusion but that's a hassle so...

My original comment was deleted, so I'll try this again.

I've read the comments here and quite surprisingly there are a lot of folks saying that the value of this hack isn't worth more than roughly one year's salary at Twitter (as an intern). I appreciate the pragmatism, but unlikely.

Anyone with this kind of exploit could have sold it, moved to Russia, and received immunity from extradition. Secondly, people should be scrutinizing any moron willing to give away thousands of dollars to billionaires for a promise of a 2x return. Especially in these times.

So, reason can only allow us to arrive at a most likely cause. That this was indeed an inside job. It was not about money. It was not a security flaw. But rather, it was simply a group of employees that were unhappy with Twitter allowing the federal government to investigate bad actors on the platform behind closed doors.

And here is why: https://www.scribd.com/document/467148777/DHS-Social-Media-L...

I could imagine a faked tweet attributed to Trump that could immediately begin mobilization in other countries to prepare for war. There are several fake tweets from the Bezon/Musk I could imagine that could credibly send the stock price of AMZN down by 10%, TSLA down by 50% in a matter of minutes.

Attacker(s) could profit immensely if they had leveraged short positions cleverly placed.

Users losing a few hundred thousand is getting off light considering the severity of this attack and how much worse it could have been.

Does this mean they can also login to any account connected with OATH. Many sites allow Twitter auth.

According to Blockchain.com, more than $100,000 was received at that address about an hour after the first hack, which appears to have tricked more than 350 users. https://archive.vn/QOp4M

This may be the last straw that tips politicians over into considering Twitter & co utilities - stuff that the gov has a say in running because failure is unacceptable to the public.

Not that I think the gov could do a better job, but that doesn't stop them elsewhere.

The scammer's address: https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...

Here's an official update from Twitter: https://twitter.com/TwitterSupport/status/128359184496275046...

The attacker already made over 5 BTC:

https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n...

Looks like verified users can tweet again: https://twitter.com/TaylorLorenz/status/1283531947877294082

Poll: Will this affect your trust in Twitter as a source of information? If no, why not?

Instead of taking a screenshot, archive Tweets with https://archive.is/ before they disappear. (The Wayback machine doesn’t work with Twitter due to robots.txt)

Hackers still posting using Elon's account: https://twitter.com/elonmusk/status/1283520825782566912

Some pics of the tweets: https://twitter.com/TheHackersNews/status/128350208126595072...

I am wondering if the hackers had access to the private messages of these accounts?

Please be kind to the people that are working on this problem, right now, at Twitter and the countless hours that will need to go into remedying it.

Hopefully, an eventual post-mortem is gonna be juicy and then we can critique all we want.

Verified Twitter accounts can no longer Tweet while incident is being dealt with.

The attacker must have added some high level access, for it to be still ongoing.

Twitter should just ban all Btc address posting momentarily until this is solved

What could have been the best prank of 2020 wasted on a bitcoin scam. If it were me, I'd try to start a war or two as the ayatollah, or maybe make some unplanned celebrity trump endorsements. Wasted potential.

and Obama https://twitter.com/BarackObama/status/1283515490653147139

https://twitter.com/NorthmanTrader/status/128351633976891801...

Expect POTUS to go to DEFCON 1 and seize control of Twitter any second now.

> At least some of the compromised accounts have multi-factor authentication enabled, including CoinDesk's.

Interesting. I wonder if it was a SMS hack, and if not, then a new kind of vulnerability?

The hackers made more profit in 5 minutes than Twitter has in 10 years

Twitter support tweeted: "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly."

The screenshots seem to show accounts shadow-banned, something Twitter denied doing for years... I am referring to those labels showing banned from search, etc. Seems interesting.

Some reports that this was related to compromised OAuth tokens. How would someone know and what is the source of the compromise? A third party app that all of these accounts use?

Do we think scammers also have access to the hacked account’s DMs?

It's really strange to claim it was "simultaneous" account hacking instead of Twitter being hacked. I guess all journalism today has 50% opinion in the middle.

These hackers are clearly amateurs. If you're going to post crypto scams on hijacked Twitter accounts you can't NOT include John McAfee's account. Seriously.

Imagine buying puts on TSLA and tweeting this from @elonmusk:

> Stepping down from TSLA effectively immediately. Focusing 100% on SpaceX. Life's short.

This could easily be worth $100m's

Everyone here is suggesting a monetary motive. Maybe there's a political motive--someone who really hates Twitter or serves to benefit if Twitter suffers.

I also got an email verification request for an old Reddit account I didn’t even remember having. Take a look there too. It happened at the same time.

Barack Obama too: https://imgur.com/a/KGTEQNt

I wonder what the automated trading bots tracking these accounts did.

Will Twitter get sued by the people who fell for this scam? By the people who got hacked?

This is likely due to third-party social media account management software getting hacked. And they probably used compromised API tokens.

How many DM’s would have been read ... could it be for black mailing? Anyways would love to see a postmortem ( if Twitter shares such)

Work from home wouldn't backfire, they said.

Apple too: https://imgur.com/ZvPshMX.jpg

Really surprised by this. I suspect a system-level 2FA hack or a bug exploit, all these people woudln't fall for phishing

Jeff Bezos too.

https://imgur.com/a/Zd668ao

Maybe it's Dr DisRespect's revenge.

All type of accounts are posting the same message. Out of curiosity I just deactivated mine, let's see what happens.

Joe Biden's turn https://twitter.com/JoeBiden/status/1283512317846659073

Can't help imagining twitter engineers holding the last line of defense between the hackers and trumps account.

It appears Twitter has now prevented verified accounts from posting. Us schlubs can now run the asylum for a while.

dang, if you would collapse all threads by default and only show/load top level comments, you probably would not even need this performance workaround. On the first page of your performance workaround, there was only 4 top-level comments... probably less than 100 total, I would guess (for most posts).

One possibility is that a twitter employee was blackmailed with some personal information and forced to do this.

In an attempt to mitigate the damage, Twitter appears to have blocked verified accounts from sending tweets.

I wonder whether this is just write-only, or if they've been able to read private data (like DMs) too.

This is nuts, Twitter is totally compromised and they haven’t pulled the plug. Not confidence inspiring.

All in all that looks like a poorly thought out attack. So much more could've been done than cryptoscam.

Considering execution, it may be that this is some API 0day which does not show (or make it hard to guess) which account messages are being posted from. How else would you explain neutral messages for all account when you could've personalised it per account to maximize efficiency.

I love the internet so much right now.

> With so many accounts compromised, the hackers might actually have full access to Twitter's backend.

This.

Headline seems pretty editorialized.

Looks like hackers got approx 60K. Anybody know how that compares to bug bounties at Twitter?

This doesn't make me feel any better about Bitcoin as a platform/product.

rumors say the hacker got access to an internal (used by employees) admin panel...

I guess an employee screwing up thing is easier to imagine now with everybody wfh

Is this the beginning of the end for twitter? Tweets can not be trusted anymore.

Curiously, Elon's btc address is different from the others. Nice try, elon.

Did someone gain access to the Twitter building in SF while everyone was away?

They didn't hack anything, the access was given to them by an insider.

If they made a movie about how these guys did it, I would totally watch it.

These are already removed. Does anyone have a screenshot or other archive?

Hahah looks like it's getting closer: OAuth account takeover? https://twitter.com/LiveOverflow/status/1283511782380908545

I wonder what a bug bounty for something like this would have paid out.

The scammer has got $100k and counting in less than 30mins. WOW 2020.

$113k scammed and counting.... Why is twitter still in write mode??

How did they possibly steal Elon Musk's Twitter account? We need a post-mortem on this because if he can be phished, then we need to know how, and if it was some internal hack then I also need to know how. That's extremely scary!

This seems more and more like a diversion for something else.

A lot of people (rightly) pointing out that the actual exploit payload here is a horribly inefficient way to monetize such awesome power. Some of the replies that influencing regulated markets would be traceable...sure, but trillions of dollars flow through these markets each and every day. A decently large options position accumulated over days wouldn't raise any red flags, and one tweet about the Fed raising rates on the back of strong employment + vaccine hope would have sent markets into a tailspin. The reality is that it would be much more difficult to identify bad actors than it is with public crypto addresses. And your money is clean at that point, part of the US financial system (or other tier 1 banking system).

Does this mean that Twitter is now not to be trusted?

Twitter right now: https://twitter.com/i/status/1283517347894980610

Did the hackers remove all tweets from Apple? Wtf

Exchanges should[can] blacklist the address.

Interesting how @Apple currently displays zero tweets at all.

https://twitter.com/Apple

Oh finally, some real news about hackers.

Whoever did this is going to have a serious price on their heads. I doubt the pay off is worth it unless they are a state actor flexing their muscle.

Instead of putting so much engineering time into pushing a political agenda, twitter should focus on security and identity improvements.

https://gifyu.com/image/QrnS

So which ones of you did this? ;)

I've seen the groundwork for this over the last 6-8 weeks, with 'people' (questionable-looking accounts) retweeting screenshots of similar-looking tweets purporting to be from Elon Musk, and other similarly fishy accounts going 'wow it really works' or the like. I noticed them showing up consistently in replies to Trump tweets, probably just because they get tons of engagement.

Apple and Kanye West too.

So, does no one think this was China doing a 'we can do what we want when we want' as a response to Trump's executive order the day before this happened? And if it is, would they be honest about the cause since that would require a response and likely an escalation?

Just imagine if Trump’s account were hacked to indicate that the US is launching a missile towards North Korea. Or maybe a message to encourage some kind of armed uprising in the US.

Hacking the right Twitter account could easily have massive life-and-death consequences. Isn’t that terrifying?

I find it fascinating that they didn't target @POTUS/@realDonaldTrump. I wonder if there are specific mechanisms in place to protect accounts that could, y'know, start WW3, that aren't rolled out to other blue checkmark accounts.

A clear use case of Blockchain for the cryptocurrency detractors \s

I don't think anyone appreciates how scary this is. A simple BTC scam or even market manipulation is one thing. Can you imagine the mass panic if there were one sombre tweet from Trump's account about a nuclear strike?

Security is myth

Get the popcorn!

#cancelTwitter

Did they send one out from Trump as well? Imagine the mayhem if they send out a notice that he’s resigning or that he is launching nukes.

Are very high profile accounts (like Trump) more secure than a usual password + 2FA, somehow ?

EDIT: Not that it would matter here. Just curious.

How is this different from the persistent “Elon Musk” btc giveaway posts that find their way onto every one of Trump’s tweets?

Notable that Trump is not impacted.

If you had backdoor access to any Twitter account, why on earth wouldn't you tweet as Trump?

also all @apple tweets have been deleted lol the hacker already got 6 BTC! this is crazy.

Wait... So the hackers were able to target Joe Biden's account, Barrack Obama's, but not Trump's?

That is very odd.

Chilling to imagine a tweet from Trump declaring a nuclear strike has been launched against China.

hard to feel sorry for anyone who falls for this.

No Trump?

Related https://news.ycombinator.com/item?id=23853786

I really HOPE the details of this hack become public, because this is huge. (I can already hear celebs who say dubious things trying to claim they were hacked.)

Top crypto currency accounts compromised

This entire thread and not one mention of 4Chan. Why isn't this simply an insider with a few friends doing this for fun?

This must be a shot over someone's bow.

Edit: Or a trading play? That would have taken place while the markets were open, though. TWTR after-hours trading is off 3% on the news.

All Apple Tweets are now deleted

https://twitter.com/apple and now one scam alone https://twitter.com/Apple/status/1283506278707408900

I've never heard of Hacker News censoring comments that do not abuse the site guidelines, with rational opinions. This comment thread is being heavily censored. This fundamentally abuses the trust that users have put into this site.