The Twitter (TWTR) accounts of Tesla (TSLA) CEO Elon Musk, Amazon (AMZN) CEO Jeff Bezos and other high-profile individuals were apparently compromised on Wednesday by a person or group seeking cryptocurrency.
The first tweet was sent from Musk's account, with the message claiming he was "feeling generous because of Covid-19" and promising to double all payments sent to a particular Bitcoin address. After the first tweet was deleted, two others appeared with a similar message.
Similar tweets were subsequently sent from the accounts of Bezos, Microsoft (MSFT) founder Bill Gates, former New York City Mayor Mike Bloomberg, former President Barack Obama and from Apple's (AAPL) corporate Twitter account, among others. Suspicious tweets also appeared on the accounts of various cryptocurrency companies, suggesting that the tweets were part of a bitcoin collection scam.
Twitter shares were down 4% in after-hours trading.
All the high-profile, questionable tweets were deleted in short order, but CNBC and others published screenshots of several.
Twitter confirmed the security issue in a tweet, saying that it was investigating the incident.
Cameron Winklevoss, co-founder of the cryptocurrency firm Gemini, explained in a tweet that hackers attempted to take over Gemini's account as well, along with the accounts of peer firms.
Other executives in cryptocurrency firms posted similar warnings that the fishy messages were indeed part of a scam.
According to Blockchain.com, a public ledger of Bitcoin accounts, the account the tweets directed users to had accumulated more than $57,000 worth of bitcoin over 355 transactions.
A different but apparently related wave of messages, sent from the accounts of various cryptocurrency firms, claimed a partnership with something called "Crypto For Health" and prompted followers to claim crypto rewards at an associated link.
"This is a common scam that has persisted for a few years now, where scammers will impersonate notable cryptocurrency figures or individuals," said Satnam Narang, a researcher at Tenable who studies social media scams. "What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams...we strongly advise users never to participate in so-called giveaways or opportunities that claim to double your cryptocurrency because they’re almost always guaranteed to be a scam."
The accounts of former Vice President Joe Biden, rapper and producer Kanye West, Uber, and Warren Buffett were also targeted in the attack.
It's unclear right now how the hacking of high-profile Twitter accounts was perpetrated, but Twitter said that it temporarily prevented some "verified" accounts from tweeting as it investigated how the attack took place.
"The Twitter hack pumping a Bitcoin link is extremely troubling given the early reports that some of the accounts in question had multi-factor authentication [MFA] in use," added Richard Bird of security firm Ping Identity. "MFA has been shown to be exploitable, but predominantly through social engineering methods. That seems unlikely in this case, making a full disclosure from Twitter on the methods used by the bad actors all the more important."
This story is developing. Please check back for updates.