The Twitter Bitcoin Hack

Attackers used social engineering to compromise Twitter's internal admin tools, hijacking high-profile accounts to run a Bitcoin scam that netted over $120,000 in hours.

Twitter · 2020 · 2 min read

Background

Twitter is one of the world's largest social media platforms, used daily by world leaders, celebrities, and major corporations. In July 2020, a coordinated attack targeted the company's own employees rather than its public-facing security systems.

The Attack

Attackers called Twitter employees by phone, impersonating IT support staff and convincing targets to hand over credentials. Once inside Twitter's admin panel, they posted identical Bitcoin scam tweets from accounts belonging to Barack Obama, Joe Biden, Elon Musk, Apple, and dozens of others, promising to double any Bitcoin sent to a wallet address.

Response

Twitter detected the unauthorized activity within hours and locked all verified accounts from tweeting while they investigated. They reset compromised credentials, revoked employee access to internal tools, and worked with law enforcement. Three suspects — including a 17-year-old in Florida — were arrested within weeks.

Outcome

Approximately $120,000 in Bitcoin was sent to the scammer's wallet before Twitter shut down the attack. Twitter suffered significant reputational damage and subsequently implemented stricter controls on internal tool access, mandatory security training, and hardware security keys for all employees.

Key Takeaways

  1. Internal admin tools are high-value targets — restrict access and log all usage
  2. Phone-based social engineering bypasses technical security entirely
  3. Even top-tier platforms are vulnerable to insider threat vectors
  4. Hardware security keys (FIDO2) make phishing attacks much harder
  5. Incident response speed directly limits financial damage
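The pattern behind takeaways 1 and 5 is detectable in admin-tool audit logs: one operator session performing privileged changes on many distinct accounts within minutes. The check below is an added example, not Twitter's tooling; the log format, session ids, action names and thresholds are constructed assumptions.

```python
"""Flag admin-tool sessions that perform privileged actions on many
distinct accounts inside a short window (constructed example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log, one action per line.
# Assumed format (not a real Twitter schema): ts|session|actor|action|target
SAMPLE_LOG = """\
2020-07-15T20:01:00Z|s1|alice|view_account|@acct_a
2020-07-15T20:02:10Z|s2|bob|change_email|@acct_b
2020-07-15T20:02:40Z|s2|bob|change_email|@acct_c
2020-07-15T20:03:05Z|s2|bob|change_email|@acct_d
2020-07-15T20:03:30Z|s2|bob|change_email|@acct_e
2020-07-15T20:04:00Z|s2|bob|reset_2fa|@acct_e
2020-07-15T21:30:00Z|s1|alice|change_email|@acct_f
"""

# Actions that let an operator take over an account; assumed names.
PRIVILEGED = {"change_email", "reset_2fa", "disable_mfa"}


def parse_log(text):
    """Parse the pipe-delimited audit lines into dicts with a datetime ts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, session, actor, action, target = line.split("|")
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "session": session, "actor": actor,
                       "action": action, "target": target})
    return events


def flag_bulk_sessions(events, max_targets=3, window=timedelta(minutes=10)):
    """Return {session: targets} for sessions whose privileged actions touch
    more than max_targets distinct accounts within any `window`-long span."""
    by_session = defaultdict(list)
    for e in events:
        if e["action"] in PRIVILEGED:
            by_session[e["session"]].append(e)
    flagged = {}
    for session, evs in by_session.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):  # slide the window over each start
            targets = {e["target"] for e in evs[i:]
                       if e["ts"] - start["ts"] <= window}
            if len(targets) > max_targets:
                flagged[session] = targets
                break
    return flagged
```

Session s2 is flagged (four accounts re-pointed in under two minutes) while alice's routine single change is not; in practice such an alert should also trigger an automatic session revocation, since response speed bounds the damage.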
Tags: social engineering, insider threat, admin access, bitcoin scam, vishing