On 13 November 2018 the Twitter accounts of Target and G Suite, Google’s business applications package, were breached by hackers to promote a crypto giveaway scam. This type of scam offers free Bitcoins if a certain amount of Bitcoin is sent to an address posted by the hackers. In the past hackers typically made copycat accounts with the same profile picture and name, but not the same handle, as reputable Twitter users like Elon Musk. Now the hackers are getting more aggressive by directly hacking into reputable accounts instead of making copycat accounts.
A tweet was published on the Target Twitter account announcing the distribution of 5,000 Bitcoins, supposedly in celebration of Target now offering crypto payments for merchandise. In order to receive a portion of the 5,000 Bitcoins, users had to try the new so-called “payment service”, but of course any Bitcoins sent went directly to the hackers. The hackers only had access to the account for half an hour, and the malicious tweet was quickly deleted.
The attack on Google’s G Suite account has characteristics similar to the one carried out against Target. This time the tweet said 10,000 Bitcoins were being given away. Additionally, a Twitter spokesman said accounts operated by US politicians and governmental organizations in India had also been breached.
According to information from the Bitcoin block explorer, the hacker behind the attack on the G Suite account had not received a single satoshi. The address of the person who perpetrated the attack on the Target account, on the other hand, received more than USD 100 of Bitcoin. That same Bitcoin address shows a final balance equivalent to more than USD 24,000, possibly obtained during other crimes.
Crypto giveaway scams on Twitter are not new. Major Twitter personalities such as Elon Musk, CEO of SpaceX, and Vitalik Buterin, Co-Founder of Ethereum, have repeatedly and publicly denounced the creation of fake profiles using their names. These fake accounts post on tweets from Musk and Buterin and offer free Bitcoin or Ether if users send a certain amount to an address.
Twitter has said it is taking steps to eliminate the crypto giveaway scam, but so far has not found an effective method. In the middle of this situation, Elon Musk and Jackson Palmer, creator of Dogecoin, took the initiative to create a script that bans Twitter accounts with the same profile picture and name from posting on the authentic account’s tweets. This may, however, have caused hackers to simply move towards hacking directly into reputable Twitter accounts.
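The copycat pattern described above (same name and profile picture, different handle) can be checked mechanically. The following is an added example, not the script written by Musk and Palmer and not code from this article; the `Account` record, the function names and the sample accounts are all hypothetical, and it assumes the filter already has each replier's display name and avatar bytes.

```python
import hashlib
import unicodedata
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    handle: str        # unique @handle
    display_name: str  # free-text name shown next to the avatar
    avatar: bytes      # raw profile-picture bytes

def normalize_name(name: str) -> str:
    """Fold case, Unicode compatibility forms, whitespace and invisible characters."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded
                   if not ch.isspace() and unicodedata.category(ch) != "Cf")

def avatar_digest(avatar: bytes) -> str:
    # Assumption: exact-byte comparison keeps the example self-contained;
    # a deployed filter would likely compare perceptual hashes instead.
    return hashlib.sha256(avatar).hexdigest()

def is_copycat(candidate: Account, authentic: Account) -> bool:
    """True when name and picture match the authentic account but the handle differs."""
    if candidate.handle.casefold() == authentic.handle.casefold():
        return False  # this is the authentic account itself
    same_name = (normalize_name(candidate.display_name)
                 == normalize_name(authentic.display_name))
    same_picture = avatar_digest(candidate.avatar) == avatar_digest(authentic.avatar)
    return same_name and same_picture

def flag_replies(authentic: Account, repliers: list[Account]) -> list[str]:
    """Handles of repliers that should be blocked from the authentic account's threads."""
    return [r.handle for r in repliers if is_copycat(r, authentic)]

# Constructed sample data (not real accounts).
AUTHENTIC = Account("example_brand", "Example Brand", b"constructed-avatar-bytes")
REPLIERS = [
    Account("examp1e_brand", "Example  Brand", AUTHENTIC.avatar),       # extra space
    Account("example_brnd", "EXAMPLE BRAND\u200b", AUTHENTIC.avatar),   # zero-width space
    Account("fan_account", "Example Brand", b"different-picture"),      # same name only
    Account("Example_Brand", "Example Brand", AUTHENTIC.avatar),        # authentic itself
]

if __name__ == "__main__":
    print(flag_replies(AUTHENTIC, REPLIERS))
```

A check like this only covers impersonation by lookalike accounts; it does nothing when the authentic account itself is compromised, which is the shift the article describes.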
The lesson to learn from this story is to never send cryptocurrency in response to a Twitter giveaway post, since now even official company accounts are getting hacked to perpetrate this scam. If someone is actually giving away cryptocurrency they would not ask you to send any to them.