Twitter accounts belonging to Democratic presidential nominee Joe Biden, former US president Barack Obama, reality star Kim Kardashian West and her husband Kanye West, and Tesla CEO Elon Musk were hacked on Wednesday to promote a bitcoin scam.
The hack is the latest breach of high-profile Twitter accounts and an evolution of a long-running scam that has persisted on the social network for the last two and a half years. Since at least the start of 2018, scammers have created fake accounts mimicking Musk, President Donald Trump, and other celebrities to lure in unsuspecting individuals to send bitcoin or other forms of cryptocurrency with the promise that they’d have their money doubled or tripled in return.
A Twitter spokesperson said that the issue was “being looked into.” Tweets promoting the scam continued to persist across various verified accounts on Wednesday afternoon. According to cryptocurrency publication CoinDesk, which also had its account hacked, some of the affected accounts had two-factory security enabled.
While previous cryptocurrency scams have tended to mimic verified Twitter users by creating accounts with similar handles, avatars, and cover photos, Wednesday’s scam was different in that the unknown hacker gained access to real accounts to proliferate their scam. The initial scam tweet promoting the fake giveaway from Musk’s account, which has nearly 37 million followers, went up at 1:17 p.m. PT.
While Musk's first tweet was removed, at least three others went up from Musk’s account promoting the same wallet. Similar messages were posted to verified accounts for Obama, Microsoft founder Bill Gates, Apple, and Uber.
Hacked accounts went on to pin tweets promoting the giveaway scam to the top of verified profiles or retweet the messages. Other accounts that were hit included rappers Wiz Khalifa and the late XXXtentacion; boxer Floyd Mayweather; and billionaires Jeff Bezos, Mike Bloomberg, and Warren Buffett.
The initial bitcoin wallet address associated with the scam showed transactions on Wednesday afternoon suggesting more than $118,000 worth of the cryptocurrency had been deposited, of which about $61,000 worth of bitcoin had been removed. A second wallet that emerged in later scam tweets, suggested about $5,000 worth of bitcoin had been received, of which $2,700 had been removed.