Skip to main content

Filed under:

Twitter and the big bitcoin scam: what happened next

On July 15th, multiple verified Twitter accounts associated with public figures and companies were hijacked and tweeted out a bitcoin scam. Several accounts impacted by the breach include Apple, President Barack Obama, former Vice President Joe Biden, Tesla and SpaceX CEO Elon Musk, rapper Kanye West, Microsoft co-founder Bill Gates, and Uber.

The takeovers lasted more than two hours, and Twitter took extreme measures to prevent other verified accounts from being compromised, such as disabling the ability for some users to send new tweets and locking some users out of their accounts.

Twitter is continuing to look into the incident, and the FBI has launched its own investigation, so there’s sure to be more news about the unprecedented attack on the social media platform. Follow along with all of the latest updates in our StoryStream below.

  • Sean Hollister

    Sep 3, 2020

    Sean Hollister

    You can now download your Twitter data again and see what hackers could’ve nabbed

    Illustration by Grayson Blackmon / The Verge

    If you’re curious what kind of data Twitter stores on you — and what those hackers could have stolen during their big bitcoin scam — you can now find out once again. Twitter has reenabled the ability to download archives of “Your Twitter Data,” nearly two months after shutting off the feature as a precaution against further hacking.

    To access it, go to Settings > Account > Your Twitter data and you should see a screen like the one below, where you’ll need to type in your password to start the transfer. If you’re using a phone app, it may shove you over to the mobile website instead.

    Read Article >
  • Nick Statt

    Sep 2, 2020

    Nick Statt

    Twitter hack conspirators may include a 16-year-old from Massachusetts

    Illustration by Grayson Blackmon / The Verge

    The investigation of the unprecedented Twitter hack earlier this summer has produced a new suspect: a 16-year-old from Massachusetts, according to a new report from The New York Times. This new suspect would be the youngest of the group of conspirators spanning the US and the UK, a group now totaling four individuals who together planned and then pulled off account takeovers of dozens of high-profile Twitter users to promote a bitcoin scam.

    It’s still unclear which members had direct control of internal Twitter systems and how exactly they gained access beyond somehow tricking company employees, but the supposed mastermind of the hack is believed to be 17-year-old Floridian Graham Ivan Clark, who has been charged as an adult with 30 felonies. The others include 19-year-old Mason John Sheppard of the UK and 22-year-old Nima Fazeli of Orlando, Florida.

    Read Article >
  • Sean Hollister

    Aug 5, 2020

    Sean Hollister

    Alleged Twitter teen hacker’s hearing got zoombombed big time

    Illustration by Grayson Blackmon / The Verge

    Last Friday, a 17-year-old Florida high school graduate, Graham Ivan Clark, was arrested and charged as the “mastermind” behind the massive bitcoin scam that ensnared the accounts of Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Apple, and more — after he allegedly posed as a member of Twitter’s IT department and used Twitter’s own admin tools to break into those accounts.

    This morning, I woke up early to hear what he — or his lawyer — had to say about that. It was so easy I didn’t even have to get to a desk. The court had publicly revealed last week it’d hold hearings over Zoom, no password required, so I tuned in with my phone from bed.

    Read Article >
  • Jon Porter

    Aug 3, 2020

    Jon Porter

    Go read this investigation into the troubled past of alleged Twitter hacker

    Twitter bird logo, but spooky
    Illustration by Alex Castro

    On Friday Graham Ivan Clark was charged along with two others for the most serious hack in Twitter’s history, where numerous high-profile accounts including those of Elon Musk, Barack Obama, and Bill Gates were taken over to promote a bitcoin scam. In a new investigation, The New York Times has delved into Clark’s history, which reportedly escalated from small Minecraft scams into a hack so big that some have dubbed it a global security crisis.

    Here’s how it all began, as described by the NYT:

    Read Article >
  • Sean Hollister

    Jul 31, 2020

    Sean Hollister

    Three people have been charged for Twitter’s huge hack, and a Florida teen is in jail

    Twitter bird logo, but spooky
    Illustration by Alex Castro

    Early on July 31st, the FBI, IRS, US Secret Service, and Florida law enforcement placed 17-year-old Graham Clark of Tampa, Florida, under arrest. He’s accused of being the “mastermind” behind the biggest security and privacy breach in Twitter’s history, one that took over the accounts of President Barack Obama, Democratic presidential candidate Joe Biden, Bill Gates, Elon Musk, Kanye West, Apple, and more to perpetrate a huge bitcoin scam on July 15th.

    Apparently, he wasn’t alone: shortly after the Tampa arrest was revealed and after we published this story, two more individuals were formally charged by the US Department of Justice: 22-year-old Nima Fazeli in Orlando and 19-year-old Mason Sheppard in the UK. They go by the hacker aliases “Rolex” and “Chaewon,” respectively, according to the DOJ. The FBI says that two individuals in total are in custody. An unidentified minor in California also admitted to federal agents that they’d helped Chaewon sell access to Twitter accounts.

    Read Article >
  • Jay Peters

    Jul 31, 2020

    Jay Peters

    Twitter says a spear phishing attack led to the huge bitcoin scam

    Illustration by Grayson Blackmon / The Verge

    Twitter provided an update about the unprecedented July 15th attack that allowed hackers to tweet from some of the most high-profile accounts on the service, in a blog post and a series of tweets published Thursday evening. Twitter now says that a few employees were targeted in a phone spear phishing attack. While Twitter doesn’t quite say, that presumably means hackers called up Twitter employees while posing as colleagues or members of Twitter’s own security team, and got them to reveal the credentials they use to access internal systems.

    Twitter had previously said its own tools were compromised in the attack, but up until this point, the company hadn’t specified how that had happened. “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter said in a tweet from its support account. 

    Read Article >
  • Jay Peters

    Jul 27, 2020

    Jay Peters

    Years before big hack, Twitter contractors reportedly spied on celebs, including Beyoncé

    Illustration by Grayson Blackmon / The Verge

    Years before the July 15th attack on Twitter that let hackers compromise some of the social network’s most high-profile accounts to tweet Bitcoin scams, Twitter contractors apparently were able to use Twitter’s internal tools to spy on some celebrities, including Beyoncé, according to a report from Bloomberg chronicling longtime security concerns at the company.

    The tools in question typically allow certain Twitter staffers to do things like reset accounts or respond to content violations, but they could apparently also be used to spy on or hack an account, according to Bloomberg. “The controls were so porous that at one point in 2017 and 2018 some contractors made a kind of game out of creating bogus help-desk inquiries that allowed them to peek into celebrity accounts, including Beyonce’s, to track the stars’ personal data including their approximate locations gleaned from their devices’ IP addresses,” Bloomberg reported. And snooping on user accounts was apparently rampant enough that Twitter’s full-time security team in the US “struggled to keep track of the intrusions,” Bloomberg said.

    Read Article >
  • Jay Peters

    Jul 23, 2020

    Jay Peters

    Twitter says hackers accessed the DMs of one elected official in last week’s attack

    Twitter bird logo, but spooky
    Illustration by Alex Castro

    Twitter believes the perpetrators of last week’s unprecedented attack on the company accessed the direct message (DM) inbox of an elected official in the Netherlands, the company said Wednesday evening. The revelation comes as part of the company’s ongoing investigation into last Thursday’s attack that allowed attackers to hijack the accounts of some of the service’s most high-profile users, including politicians Barack Obama and Joe Biden, to tweet a bitcoin scam.

    Although Twitter didn’t name the Dutch official, local media reported last week that far-right, anti-Islam politician Geert Wilders, had his account hacked, retweeting a number of conspiracy theories and replacing Wilders’ profile photo with a caricature of a Black man and Moroccan flag. A hacker interviewed on Dutch radio also claimed to have access to Wilders’ DMs at the time.

    Read Article >
  • Makena Kelly

    Jul 20, 2020

    Makena Kelly

    Coinbase says it halted more than $280,000 in bitcoin transactions during Twitter hack

    Illustration by Alex Castro

    The cryptocurrency exchange Coinbase said that it stopped around 1,100 customers from sending bitcoin to hackers who gained access to high-profile Twitter accounts last week. 

    Last Wednesday, over 100 Twitter accounts, some belonging to major companies like Apple and high-profile people like Vice President Joe Biden and Bill Gates, were hacked as part of a massive coordinated bitcoin scam. According to Twitter, the hackers were able to convince some of the company’s employees to use internal systems and tools to access the accounts and help the hackers defraud users into sending them bitcoin.

    Read Article >
  • Sean Hollister

    Jul 18, 2020

    Sean Hollister

    Read Twitter’s update on the huge hack — 8 accounts may have had private messages stolen

    Illustration by Alex Castro

    On Friday evening, Twitter issued its first full blog post about what happened after the biggest security lapse in the company’s history, one that led to attackers getting hold of some of the highest profile Twitter accounts in the world — including Democratic presidential candidate Joe Biden, President Barack Obama, Tesla CEO Elon Musk, Microsoft co-founder Bill Gates, Kanye West, Michael Bloomberg, and more.

    The bad news: Twitter has now revealed that the attackers may indeed have downloaded the private direct messages (DMs) of up to 8 individuals while conducting their Bitcoin scam, and were able to see “personal information” including phone numbers and email addresses for every account they targeted.

    Read Article >
  • Nick Statt

    Jul 18, 2020

    Nick Statt

    Go read The New York Times’ incredible account of how the Twitter attack may have happened

    Illustration by Grayson Blackmon / The Verge

    Reporters are starting to piece together the behind-the-scenes events of the unprecedented Twitter attack on Wednesday almost as fast as the official investigators themselves. And the clearest idea of what may have happened two days ago — when roughly 130 accounts were compromised using internal company tools — comes courtesy of The New York Times this afternoon.

    Reporters Nathaniel Popper and Kate Conger tell the stories of four individuals involved in the hack and how exactly it spiraled out of control and resulted in the takeovers of some of the platforms most high-profile and sensitive accounts.

    Read Article >
  • Casey Newton

    Jul 17, 2020

    Casey Newton

    Everything we know about this week’s big Twitter hack so far

    Illustration by Alex Castro / The Verge

    It’s been such a newsy week that we’re ending it with two columns — enough to last you the whole weekend. First, we have what we hope is the ultimate Twitter hack FAQ, in response to this week’s catastrophic security breach. Yesterday’s issue was the most-read in Interface history, and we wanted to make sure you had all the latest developments.

    Second, I’m excited to share a conversation I had this week with Facebook’s chief diversity officer, Maxine Williams, on the occasion of the company releasing its annual diversity report. I wanted to know why progress on the issue has been so hard to come by, what it means that she reports to Sheryl Sandberg now, and much more. Williams is a dynamo; I hope you’ll enjoy our chat.

    Read Article >
  • Jay Peters

    Jul 17, 2020

    Jay Peters

    Trump’s Twitter account has extra protections, which could be why it didn’t get hacked

    President Trump Delivers Remarks At The White House On Rolling Back Regulations
    Photo by Drew Angerer/Getty Images

    In yesterday’s massive attack on Twitter, some of the highest-profile accounts on the service, including President Barack Obama, Joe Biden, Elon Musk, and Bill Gates had their accounts hijacked to peddle bitcoin scams. Notably, however, Donald Trump, perhaps the most famous Twitter user of all, was untouched by the attack, and it could be because Twitter has implemented extra protections for his account.

    In a deeply-reported article on the attack, The New York Times writes that Trump’s Twitter account has extra protection after “past incidents,” citing two anonymous sources — a senior White House official and a Twitter employee. The New York Times didn’t specify what those past incidents were, but they could refer to the November 2nd, 2017 incident where a rogue employee deactivated Trump’s account on his last day at the company. Trump’s account returned to Twitter 11 minutes later.

    Read Article >
  • Nick Statt

    Jul 16, 2020

    Nick Statt

    Twitter’s massive attack: What we know after Apple, Biden, Obama, Musk, and others tweeted a bitcoin scam

    Twitter bird logo, but spooky
    Illustration by Alex Castro

    The Twitter accounts of major companies and individuals were compromised on Wednesday in one of the most widespread and confounding breaches the platform has ever seen, all in service of promoting a bitcoin scam that earned its creators nearly $120,000.

    Multiple law enforcement investigations, including one from the Federal Bureau of Investigation, are now actively probing the situation over far a deeper concern: that the exploited vulnerability in Twitter’s systems — a result it seems of mid-level employees having powerful access to site-wide admin tools that can fall into the wrong hands — has exposed serious security risks for the platform’s most powerful users. Lawmakers are hounding Twitter for more transparency around the incident, and it seems likely the attack will have longstanding consequences not just for Twitter’s own internal tools and security, but for the broaden cybersecurity industry and every high-profile Twitter user on the platform, too.

    Read Article >
  • Nick Statt

    Jul 16, 2020

    Nick Statt

    The FBI opens investigation into Twitter attack over national security concerns

    Illustration by Alex Castro

    The US Federal Bureau of Investigation has opened an investigation into Wednesday’s unprecedented Twitter attack that resulted in numerous takeovers of high-profile accounts belonging to politicians, business leaders, and corporations, according to a report from The Wall Street Journal.

    The FBI is concerned that the coordinated attack and the vulnerabilities it exposed in Twitter’s systems may pose serious security risks, due to the widespread compromising of sensitive accounts, including those of President Barack Obama and Democratic presidential candidate Joe Biden. President Donald Trump’s account was not affected, White House press secretary Kayleigh McEnany tells the WSJ, but it’s unclear if Trump’s account has special protections. Twitter tells The Verge it is in communication with the FBI regarding its investigation and intends to fully cooperate.

    Read Article >
  • Jay Peters

    Jul 16, 2020

    Jay Peters

    Twitter says passwords were spared in yesterday’s attack, but it’s still working to restore locked accounts

    Illustration by Alex Castro / The Verge

    Twitter says it has “no evidence” user passwords were accessed as part of yesterday’s massive attack targeting the company’s internal tools, but it is still working to restore access to locked accounts. The updates were shared as part of a series of tweets posted Thursday afternoon.

    Yesterday, attackers hijacked the accounts of some of the most-followed people on Twitter, including President Barack Obama, Vice President Joe Biden, Elon Musk, Bill Gates, and Kanye West, to post bitcoin scams. The company made the decision to lock many accounts last night as a precaution to reduce further damage from the attacks, and it provided more detail about why accounts were locked in this afternoon’s tweets.

    Read Article >
  • Makena Kelly

    Jul 16, 2020

    Makena Kelly

    Lawmakers demand more details on Twitter’s massive hack

    Illustration by Alex Castro / The Verge

    Lawmakers on both sides of the aisle are demanding more details on Twitter’s massive hacking attack yesterday. Sen. Ed Markey (D-MA) said in a statement Thursday that “Twitter must fully disclose what happened and what it is doing to ensure this never happens again.” 

    On Wednesday, Twitter accounts belonging to major companies like Apple and Uber and high-profile individuals like Vice President Joe Biden, President Barack Obama, Elon Musk, and Bill Gates were all compromised as part of a coordinated bitcoin scam. According to Twitter, the accounts were compromised by hackers who “successfully targeted” employees who had access to internal systems and tools that provided access to these accounts. The specifics are still unknown, but Twitter said late Wednesday evening that it was still investigating the details of the attack.

    Read Article >
  • Nick Statt

    Jul 16, 2020

    Nick Statt

    Twitter reveals that its own employee tools contributed to unprecedented hack

    Illustration by Grayson Blackmon / The Verge

    Twitter has shed some light on the unprecedented attack on Wednesday that resulted in numerous takeovers of high-profile accounts including those of President Barack Obama, Democratic candidate Joe Biden, and Tesla CEO Elon Musk. In a series of tweets posted this evening under its support channel, Twitter said that its internal systems were compromised by the hackers, confirming theories that the attack could not have been conducted without access to the company’s own tools and employee privileges.

    “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the first tweet in a multi-tweet explainer thread reads. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”

    Read Article >
  • Casey Newton

    Jul 16, 2020

    Casey Newton

    The massive Twitter hack could be a global security crisis

    Illustration by Grayson Blackmon / The Verge

    You can’t say you didn’t see it coming.

    Whatever Twitter eventually comes to say about the events of July 15th, 2020, when it suffered the most catastrophic security breach in company history, it must be said that the events were set in motion years ago.

    Read Article >
  • Chaim Gartenberg

    Jul 15, 2020

    Chaim Gartenberg

    Twitter shut off the ability for many people to tweet after massive hack

    Illustration by William Joel / The Verge

    Twitter completely disabled the ability for many accounts to send new tweets following a massive hack on the social media website on Wednesday afternoon, which has seen numerous popular accounts — including Barack Obama, Bill Gates, Elon Musk, Joe Biden, and others — tweet out a bitcoin scam.

    As of 8:32PM ET, the ban appeared to have been lifted, and Twitter announced at 8:41PM ET that “most accounts should be able to tweet again.”

    Read Article >