Twitter bitcoin hack explained: What are cryptocurrency scams and how did site become haven for them?

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Twitter has suffered the "biggest security breach in its history", according to one cyber crime expert, but it is just the latest in a years-long campaign by criminals to scam people on the platform through the ruse of bitcoin giveaways.

Among those targeted in Wednesday's attack was billionaire entrepreneur Elon Musk, who has consistently raised concerns about the "dire problem" of cryptocurrency scams.

Typically, the scams involve fake accounts posing as high-profile Twitter users like Musk in order to hold giveaways. They request Twitter users send cryptocurrency to a digital address in order to receive a greater amount in return.

Once the money is sent, it is nearly impossible for the victims to recover their funds due to the semi-anonymous nature of bitcoin making it difficult to trace the perpetrators.

Analysis by The Independent in 2018 uncovered hundreds of transactions sent to cryptocurrency scammers operating on Twitter, resulting in thousands of dollars worth of losses for victims.

Twitter said at the time that it was cracking down on cryptocurrency scams, claiming it had developed new tools to detect "spammy and malicious" activity.

But scammers continued to proliferate on the platform, changing their username and profile pictures to match those of high-profile accounts in order to trick people.

The site's rules state that impersonating another individual for the purpose of deceiving its users is a violation of its terms of service, and will result in an account being suspended. Simply suspending an account does not solve the problem, as it is a relatively quick and simple process to set up a new account.

Following a spate of impersonations of his account earlier this year, Mr Musk tweeted: "The crypto scam level on Twitter is reaching new levels. This is not cool."

The latest attack was another level still, as rather than simply impersonate Musk and other major accounts, the scammers were actually able to hijack their accounts.

A bitcoin address used in the attacks received more than 350 payments, which totalled around £95,000, before Twitter took action to take the posts down and return the accounts to their owners.

Twitter described the attack as a "coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."

In a series of tweets the social media giant stated once again that it has "taken significant steps" to prevent such an attack from taking place again.

One of these measures appears to be banning bitcoin addresses from being posted on its platform, however people have already figured out workarounds.

While bitcoin scammers may no longer be able to post their digital addresses in a tweet, they are still able to tweet a screenshot of their bitcoin address, or even post their address by adding a single dot in the middle of the address.

Cryptocurrency scams will likely continue for as long as such methods are possible, though security experts say the biggest concern raised by the latest incident is not the scam itself but how the attack was carried out.

"This was the biggest security breach in Twitter's history, but ordinary users were not affected by it at all - unless they fell for the scams posted by the hacked celebrities," Mikko Hypponen, chief research officer at cyber security firm F-Secure, wrote in an emailed comment.

"In the end, this could have been much worse... The attack could have done far worse things than to scam bitcoins out of people; the attackers had access to everything. They could have done anything on Twitter. They could have started tweeting weird things in the names of the US Presidential candidates during the voting this November, for example."