Twitter was hit by the worst security incident in its history this week with dozens of high-profile accounts compromised.
Attackers hijacked the Twitter accounts of presumptive Democratic presidential nominee Joe Biden, former president Barack Obama, Tesla chief executive Elon Musk, and billionaire philanthropist Bill Gates, along with dozens of others, using them to post a bitcoin giveaway scam.
The Twitter attackers managed to defraud people of more than $100,000 worth of bitcoin, but data from some of the world’s biggest bitcoin exchanges shows they could have got a lot more, with at least $300,000 worth of bitcoin held back by exchanges.
As the attack spread on July 15, Twitter and bitcoin exchanges around the world scrambled to prevent more bitcoin being sent to the hackers. Twitter first temporarily prevented all verified users from tweeting, then blocked any post that appeared to include a bitcoin address.
Bitcoin exchanges, for their part, “blacklisted” the bitcoin addresses used by the fraudsters, preventing money being sent from their platforms to the scam.
Coinbase, the largest U.S. bitcoin and cryptocurrency exchange with around 35 million users around the world, has said it prevented just over 1,100 Coinbase customers from sending a total of 30.4 bitcoin, worth almost $280,000, to the scam.
“We noticed within about a minute of the Gemini and Binance tweets,” Philip Martin, Coinbase chief information security officer, said during a phone interview. Bitcoin exchanges Gemini and Binance were both targeted early on by the hackers, just before Coinbase itself.
Only 14 Coinbase users were able to send around $3,000 worth of bitcoin to the scam bitcoin address before Coinbase blacklisted it, according to Martin.
“It was a vanishingly small group of Coinbase users that tried to send bitcoin to the scam address,” Martin said, adding that the San Francisco-based exchange, which is reportedly gearing up for a stock market listing that could come as early as this year, often blacklists the bitcoin and cryptocurrency addresses used by giveaway scammers.
Other bitcoin exchanges, including New York-based Gemini, owned by the Winklevoss twins, San Francisco-based Kraken and Binance, of no fixed address, all confirmed they stopped funds from flowing into the hackers’ bitcoin address, though their combined users didn’t attempt to send anywhere near as much as Coinbase users did.
“This hack shows that security is about layers of protection,” Jesse Powell, chief executive of Kraken, said via email. “Somebody has to be watching the admins and setting up alerts to watch for these vulnerabilities.”
“The Twitter hack was a more widespread event, but scams of this nature are not new. Kraken proactively monitors for this type of activity and blocks certain addresses that we come across. Like any other scam, we proactively blocked the addresses from the Twitter hack earlier this week.”
Meanwhile, the move to blacklist certain bitcoin addresses, even those used by scams and fraudsters, has caused some in the bitcoin community to warn that major crypto exchanges could go on to censor bitcoin transactions deemed undesirable.
“The principle that we want to pay attention to is harm reduction without reducing the underlying utility of the asset,” said Martin, adding Coinbase finds broad support in trying to “avoid people having money stolen when it’s in our power to prevent it.”
Others, including the London-based Luno bitcoin and cryptocurrency exchange, are trying to better educate their users about scams.
“We have taken some in-app steps to avoid our customers becoming the victim of scams, including blacklisting known scam addresses and also a pop-up scam warning box if we detect they are about to transfer funds to a known scam address,” Marcus Swanepoel, Luno chief executive, said via email, adding, “if it sounds too good to be true, then it generally is.”
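The exchange-side controls the article describes (a denylist checked at withdrawal time, a warning versus a hard block, and a count of users and bitcoin held back), as an added example that is not code from the article or from any exchange named in it; the addresses and amounts are constructed placeholders.

```python
from decimal import Decimal

# Constructed denylist: placeholder strings, not valid addresses and not the
# address used in the Twitter hack. Each entry maps an address to the action
# the exchange takes when a customer tries to send funds to it.
SCAM_ADDRESSES = {
    "1xyzConstructedScamPlaceholderAddr": "block",   # refuse the withdrawal
    "bc1qconstructedscamplaceholderaddr": "warn",    # show a scam warning box
}

def canonical(addr):
    """Normalize an address so denylist lookups are exact matches.
    Bech32 (bc1...) addresses are case-insensitive and are lowercased;
    legacy base58 addresses are case-sensitive and are left untouched."""
    addr = addr.strip()
    return addr.lower() if addr.lower().startswith("bc1") else addr

def screen_withdrawal(addr, denylist=SCAM_ADDRESSES):
    """Return 'block', 'warn' or 'allow' for a withdrawal destination."""
    return denylist.get(canonical(addr), "allow")

def tally_prevented(attempts, denylist=SCAM_ADDRESSES):
    """attempts: iterable of (user_id, address, btc_amount as Decimal).
    Returns (distinct users stopped, total BTC held back), the two figures
    exchanges reported after the hack. Warned attempts are not counted,
    since the customer may still choose to proceed after the pop-up."""
    users, total = set(), Decimal("0")
    for user, addr, amount in attempts:
        if screen_withdrawal(addr, denylist) == "block":
            users.add(user)
            total += amount
    return len(users), total

# Constructed withdrawal attempts, as they might arrive at an exchange.
ATTEMPTS = [
    ("u1", "1xyzConstructedScamPlaceholderAddr", Decimal("0.5")),
    ("u1", " 1xyzConstructedScamPlaceholderAddr ", Decimal("0.25")),  # retry
    ("u2", "1xyzConstructedScamPlaceholderAddr", Decimal("0.25")),
    ("u3", "BC1QCONSTRUCTEDSCAMPLACEHOLDERADDR", Decimal("1")),  # warned only
    ("u4", "1AnotherUnlistedPlaceholderAddress", Decimal("2")),
]

if __name__ == "__main__":
    print(tally_prevented(ATTEMPTS))  # (2, Decimal('1.00'))
```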