A number of high profile Twitter accounts, including Bill Gates, Elon Musk and Apple, were breached on Wednesday.
The verified accounts for Gates, Musk and Apple issued tweets promoting a cryptocurrency scam, asking followers to send money to a blockchain address in exchange for a larger pay back.
The official account for former vice president and US presidential candidate Joe Biden was also hacked. Hackers also breached the official account of former president Barack Obama.
Here are some of the breached accounts we have identified so far:
Twitter said in an official statement: "We are aware of a security incident impacting accounts Twitter accounts. We are investigating and taking steps to fix it. We will update everyone shortly". As part of the company's remediation efforts, verified accounts, used to promote the scam, have been blocked from tweeting.
Most of the hacked accounts have now been restored to the owner's possession and the scam posts removed. However, the bitcoin address mentioned in most of the tweets racked up more than $100,000 from hundreds of transactions.
Some of the tweets promoting the scam also contained a link to a website, which has now been taken down.
Speculation on how the hack is being carried out is also rampant, with the most popular theories being that hackers have breached the account of a Twitter high-ranking employee and that they've ve found a zero-day and are using it to bypass the site's authentication.
A similar crypto scheme was the basis of a targeted attack on YouTube accounts earlier this year. A hacker hijacked YouTube accounts, renamed them to various Microsoft brands, and used them to broadcast a cryptocurrency Ponzi scam to thousands of users, posing as a message from Bill Gates.
Elon Musk is also a frequent target of account takeovers and hackers pushing bitcoin giveaway scams.
Five hours later, Twitter said its internal tools were used for the attack that was enabled by social engineering.
"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," the company tweeted.
Updated at 1:30pm AEST, 16 July 2020: Added confirmation from Twitter that internal tools were used to hijack the accounts.