Twitter blocks bitcoin addresses after hack

Cryptocurrency scammers could potentially still exploit a work-around

Anthony Cuthbertson
Thursday 16 July 2020 11:23 BST
Comments
The Twitter logo is seen at the company's headquarters in San Francisco, California
The Twitter logo is seen at the company's headquarters in San Francisco, California (REUTERS/Robert Galbraith)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Twitter appears to have banned bitcoin addresses from being posted on its platform after a major hack saw high-profile accounts hijacked by cryptocurrency scammers.

Billionaires Jeff Bezos, Bill Gates and Elon Musk were all targeted in the attacks, as well as politicians Barack Obama and Joe Biden.

Messages posted to their accounts requested cryptocurrency donations, promising to send back double the amount donated.

The tweets included a bitcoin address to which the payments could be sent via digital transfer. Within hours of the attack beginning, the address had received more than 350 payments, totalling around £95,000.

The Twitter accounts targeted were briefly suspended from posting on the platform but they have since been returned to their owners and are functioning normally again.

However, it seems to be no longer possible to include bitcoin addresses in tweets.

Attempts made by The Independent resulted in a message stating: "We're sorry, we weren't able to send your tweet."

Twitter did not immediately respond to a request for comment over whether it had changed its policy regarding cryptocurrency addresses.

In a series of tweets following the hack, Twitter said the attack was the result of a "coordinated social engineering attack" by cyber criminals targeting employees who had access to internal systems. The firm stated: "We are investigating and taking steps to fix it."

Twitter CEO Jack Dorsey added: "Tough day for us at Twitter. We all feel terrible this happened. We're diagnosing and will share everything we can when we have a more complete understanding of what happened."

One Twitter discovered a workaround to the bitcoin address block. Jane Manchun Wong was able to post her bitcoin address by adding a single dot to the middle of the address.

It also appears possible to post a picture of a screenshot of a bitcoin address.

Twitter has been a target for bitcoin scammers for several years, though most previous attempts have involved impersonating prominent figures rather than directly taking over their accounts.

Security experts warned people to be vigilant online, particularly when presented with too-good-to-be-true offers involving cryptocurrency.

"The incident is a great reminder to always exercise caution when viewing messages on social media, no matter who posts them," said George Glass, head of threat intelligence at UK-based cyber security firm Redscan.

"This is a serious breach and another prime illustration of how no organisation, including a Silicon Valley giant, is immune to cyber attacks."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in