The attackers soon moved on to high-profile tech executives, companies, celebrities, and politicians, who posted tweets with a more overt scam. The language has remained fairly consistent across the hacked accounts. “I am giving back to the community,” a typical victim’s tweet reads. “All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.” Numerous non-verified accounts also sent out similar messages, but it's unclear whether those accounts were also compromised or if some of them were bots.
All the messages appear to lead back to the same digital wallet, which received its first incoming transaction at 3:03 pm EDT. It has recorded around 300 transactions since, although several of those are outgoing. It's not clear at this time where those outgoing funds went.
This kind of bitcoin scam is a classic, although usually it involves people impersonating celebrity accounts rather than actually hacking them. We wrote about it a couple of years ago. A scammer creates a fake Elon Musk account, say, and promises to pay out a big chunk of bitcoin to anyone who sends a small amount to their digital wallet. And that’s the whole scam.
Or at least it was, until hackers figured out how to take over dozens of the most popular accounts on Twitter.
“These scams work because of a gambling mentality: Give a little bit of money, get a lot of money,” says Ronnie Tokazowski, a senior threat researcher at the email security firm Agari. “Just the idea of risk versus reward. It's especially dangerous right now, because so many people are struggling.”