Tags: vishing, social-engineering, twitter

The Twitter Bitcoin Hack

For a few hours, the verified accounts of Obama, Musk, and Apple all asked the world to send Bitcoin. A Florida teenager had called Twitter's help desk.

Cyber Chronicle, 2 min read

On the afternoon of July 15, 2020, the verified accounts of Barack Obama, Elon Musk, Joe Biden, Bill Gates, Kanye West, Apple, and Uber all began posting the same offer: send Bitcoin to a specified wallet, receive double back.

A phone call, not malware

The intrusion did not come from a sophisticated piece of code. The principal attacker, a seventeen-year-old in Tampa, had spent the previous days phoning Twitter employees and pretending to be from internal IT. Eventually one of them walked the caller through a credential reset, which handed over access to the tool the company used to manage user accounts.

From inside that tool, the attackers reassigned email addresses and password reset destinations on 130 high-value handles. Once they controlled the inbox, they controlled the account.
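The pattern described above, a single support operator re-pointing the email and reset destinations of many accounts within minutes, is exactly what an audit trail on an internal account-management tool should surface. The script below is an added illustration written for this chronicle, not Twitter's code, tooling or log schema: the log format, the action names, the operator ids, the handles and the timestamps are all constructed for the example. It groups recovery-setting changes by operator, slides a time window over them, and raises one alert per operator whose changes touch more distinct accounts, or more distinct verified accounts, than a threshold allows.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Actions that move control of an account to whoever controls the new
# destination. The action names and the log format are constructed for this
# example and are not Twitter's internal schema.
RECOVERY_ACTIONS = {"set_recovery_email", "change_account_email", "disable_2fa"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) op=(?P<op>\S+) "
    r"action=(?P<action>\S+) target=(?P<target>\S+) verified=(?P<verified>true|false)$"
)

# Constructed sample audit trail: one routine change by agent_a, then agent_b
# rapidly re-pointing recovery settings on several verified accounts.
SAMPLE_LOG = """\
2020-07-15T19:40:05Z op=agent_a action=set_recovery_email target=@cafe_on_main verified=false
2020-07-15T20:01:12Z op=agent_b action=view_profile target=@verified_brand_1 verified=true
2020-07-15T20:02:30Z op=agent_b action=set_recovery_email target=@verified_brand_1 verified=true
2020-07-15T20:04:01Z op=agent_b action=change_account_email target=@verified_exec_2 verified=true
2020-07-15T20:05:47Z op=agent_b action=set_recovery_email target=@verified_exec_3 verified=true
2020-07-15T20:07:19Z op=agent_b action=disable_2fa target=@verified_exec_3 verified=true
malformed line that a real pipeline would route to a parse-error counter
2020-07-15T20:09:55Z op=agent_b action=set_recovery_email target=@verified_brand_4 verified=true
"""


def parse_line(line):
    """Parse one audit line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "op": m["op"], "action": m["action"],
            "target": m["target"], "verified": m["verified"] == "true"}


def find_bulk_recovery_changes(lines, window=timedelta(minutes=30),
                               max_accounts=5, max_verified=1):
    """Return one alert per operator whose recovery-setting changes, inside any
    sliding window of length `window`, touch more than `max_accounts` distinct
    accounts or more than `max_verified` distinct verified accounts."""
    by_op = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["action"] in RECOVERY_ACTIONS:
            by_op[ev["op"]].append(ev)

    alerts = []
    for op, events in by_op.items():
        events.sort(key=lambda e: e["ts"])
        best = None
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits inside `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            chunk = events[start:end + 1]
            targets = {e["target"] for e in chunk}
            verified = {e["target"] for e in chunk if e["verified"]}
            # Keep the busiest window seen for this operator.
            if best is None or len(targets) > best["accounts"]:
                best = {"op": op, "start": chunk[0]["ts"], "end": chunk[-1]["ts"],
                        "accounts": len(targets), "verified": len(verified)}
        if best["accounts"] > max_accounts or best["verified"] > max_verified:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in find_bulk_recovery_changes(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a['op']}: {a['accounts']} accounts ({a['verified']} verified) "
              f"between {a['start']:%H:%M:%S} and {a['end']:%H:%M:%S}")
```

The two thresholds are deliberately asymmetric: an agent legitimately handles a handful of ordinary recovery requests in half an hour, but touching the recovery settings of more than one verified account in that time is rare enough to page someone. The `view_profile` line is ignored because only actions that move control of the account count, and the malformed line is skipped rather than aborting the scan.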

Bitcoin, briefly

The scam itself was modest by comparison to the access. Roughly 120,000 dollars in Bitcoin flowed into the attacker wallet over a few hours before exchanges froze the addresses. Twitter, panicking, temporarily disabled all verified accounts globally — including emergency services accounts trying to broadcast public-safety information.

What the chronicle remembers

The Twitter hack was a public lesson in the gap between technical security and human security. Twitter had functioning two-factor authentication, strong encryption, and a competent security team. None of it mattered against an attacker calling the help desk in a confident voice. Customer support tools, it turned out, were the soft underbelly of every platform.