Coinbase says it prevented the transfer of $280,000 in Bitcoin (BTC) during a recent cryptocurrency scam on Twitter that compromised dozens of high-profile accounts.
On July 15, Twitter accounts belonging to well-known figures and celebrities including Barack Obama, Joe Biden, Elon Musk, and Bill Gates were compromised to promote cryptocurrency scams.
According to Twitter, social engineering was used to obtain access to employee accounts, and with the backend exposed, internal tools were then used to blast out cryptocurrency-related messages.
In total, the cyberattackers manipulated 130 accounts -- 45 of which were used to urge unwitting members of the public to send them BTC. Data belonging to eight accounts was also downloaded and stolen; however, Twitter does not believe the hackers were able to access cleartext passwords and so mass password resets are not required.
In an attempt to contain the incident, Twitter temporarily stopped verified accounts from sending out any messages that appeared to contain Bitcoin wallet addresses. At the same time, cryptocurrency exchanges, too, took action.
The addresses sent by the fraudsters were blacklisted by exchanges watching the saga unfold, which prevented those duped by the campaign from sending any of their cryptocurrency to wallets controlled by the threat actors.
During the attack, the scammers managed to steal close to $120,000 in BTC. However, if Coinbase had not blacklisted the wallet address within minutes of the scam beginning, this could have been far worse.
Speaking to Forbes, Coinbase chief information security officer Philip Martin said the exchange, which has roughly 35 million users worldwide, stopped customers from sending a total of 30.4 BTC to the attacker's wallet, which equates to approximately $280,000.
While 1,100 Coinbase users were prevented from sending cryptocurrency to the fraudulent wallet, 14 Coinbase users were still able to send $3,000 in the small window of time between the scam being launched and the address being blacklisted.
Other cryptocurrency exchanges, including Binance and Gemini, also blocked funds from flowing to the scammer's wallet address.
"We noticed within about a minute of the Gemini and Binance tweets," Martin told the publication, adding that the platform wished to "avoid people having money stolen when it's in our power to prevent it."
Twitter is working with law enforcement to investigate the incident. The company is also conducting a forensic review of all impacted accounts.