Elon Musk, Bill Gates, and Apple Twitter accounts hijacked by Bitcoin scammers

Update 3: After a few hours of verified users being unable to tweet, the system is returning to normal, although Twitter warned that "functionality may come and go" as it works to fully fix the problem.

Update 2: A Vice report suggests the perpetrators may have had access to an internal Twitter tool. Whatever the case, the attack is clearly widespread enough that it isn't simply an issue with indivudal account security.

While it addresses the problem, Twitter has temporarily prevented verified accounts from tweeting. (That includes PC Gamer's account.)

we're doomed pic.twitter.com/KxPx3mPwUiJuly 15, 2020

Original story: You may have noticed on Twitter that both Bill Gates and Elon Musk were overtaken by the spirit of generosity earlier today, offering to pay back double whatever was sent to their Bitcoin accounts. So, for instance, if you sent $1,000 to Musk's Bitcoin address, he'd give you back $2,000. It's just that easy! And, in case there was any doubt, it was a scam.

It seemed odd at first that Gates and Musk wouldn't have two-factor authentication enabled on their accounts, but they weren't the only ones whose accounts were compromised: Cash App, Apple, and Uber were all impacted as well. Individual account security may have had nothing to do with it.

Bill Gates, Elon Musk, and many other high profile Twitter accounts seem to have been breached. The tweets look like they're sent from Twitter's website, rather than a third-party app. People are even falling for the BTC scam pic.twitter.com/wv5p3oR0aAJuly 15, 2020

Cameron Winklevoss, who founded the Gemini crypocurrency exchange, confirmed that the Gemini account had 2FA enabled, but was compromised anyway.

ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED.2FA / strong password was used for @Gemini account. We are investigating and hope to have more information shortly. https://t.co/X3C0uJzc6CJuly 15, 2020

It's not clear how the hack is getting around 2FA, but Foo VR founder Will Smith theorized that a "commonly used tool," possibly related to analytics or scheduling, could be the culprit.

Dollars to donuts it's some commonly used tool (analytics, scheduled posting, or whatevs) that got hacked, and not actually Twitter proper.July 15, 2020

Quite a few people appear to be falling for the scam. The Verge pointed out that public records of transactions reveal dozens of payments made to hacked accounts, totaling tens of thousands of dollars.

Even if 2FA wouldn't necessarily have spared these accounts in this case, especially if a third-party tool is involved, it's still a good idea to have it switched on. If you're not sure how to do it, the Twitter Help Center can guide you through the process.

Twitter said on its support account that it's aware of the issue, and investigating. We've reached out for more information, and will update when we know more.

TOPICS

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.