The Twitter account hacks: a comprehensive timeline of events

Quick Take

  • A wide array of Twitter accounts were compromised in a massive attack on Twitter yesterday
  • The attack started with the takeover of the account of one of BitMEX’s leading traders, AngeloBTC
  • Over the next four hours, at least 30 high-profile Twitter accounts were affected

A wide array of Twitter accounts owned by popular figures, large companies, and crypto exchanges were targeted Wednesday in a wide-ranging attack on Twitter. 

The accounts in question — which included the likes of former U.S. president Barack Obama, reality TV star Kim Kardashian, Microsoft co-founder Bill Gates, and entrepreneur Elon Musk — were used to post bitcoin giveaway scams. Twitter eventually disclosed that the hacker was able to compromise some of Twitter's employees with access to internal systems and tools and then change the email addresses associated with those accounts.

But how did all of this start? In crypto, of course.

The first account hijacking happened at 2:16 PM ET when one of BitMEX's leading traders AngeloBTC posted a tweet that asked users to join his paid private trading group. It became immediately clear that the account was not controlled by the person behind it and while the tweet got quickly deleted, the impersonator was still able to fool some people.

Source: Twitter

The impersonator didn't tweet out the Bitcoin address but instead distributed it through direct messages to people that asked for it. The address currently holds 7.4 BTC (~$67,000).

Source: BitInfoCharts

The second takeover took place almost an hour later when Binance's account tweeted that the company has partnered with "CryptoForHealth" to reward community members with BTC.

Source: Twitter

The attached link led to the second Bitcoin address, which was then used for the majority of other tweets. 

Source: BitInfoCharts

In the next hour, ten other cryptocurrency companies and personalities were targeted with the same exact message that led to the same address. 

Ripple's account was attacked next with a new message that said that the company was giving back 2,000 XRP to random addresses that send money to their XRP address. The address, which doesn't even appear to exist, did not receive any XRP.

Source: Twitter

Attack expands to major accounts

After Ripple, the hacker has moved on from targeting accounts associated with cryptocurrency and started gaining access to mainstream accounts, including those owned by major figures and politicians.

Elon Musk, who is followed by nearly 37 million people, was the first mainstream target, followed by Bill Gates, Uber, Apple, Kanye West, Jeff Bezos, and Mike Bloomber,  among others.

Source: The Block Research

The last targeted celebrity before Twitter acted was Kim Kardashian, whose account tweeted the third unique Bitcoin address.

Source: BitInfoCharts

Although some of the attacks used a different tweet format and three different addresses, the attack was orchestrated by the same hacker (or a group of hackers) because they were transacting between each of the three addresses, as shown in the data.


Address A — 1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF

Address B — bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh

Address C — bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w39l

Examples of transactions between each address

  1. Address A and B
  2. Address B and C
  3. Address A and C

Timeline breakdown

Source: The Block Research

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Related Reading

Get Your Crypto
Daily Brief

Delivered daily, straight to your inbox.

TRON USDC now available

Delivering on a vision for an interoperable global standard for dollar digital currency, Circle and TRON have partnered to make USD Coin (USDC) available on the TRON blockchain, which has grown to more than 56 million accounts and nearly 2.5 billion transactions since its founding just four years ago. TRON is home to a broad ecosystem for digital assets in Asia and around the world, and the TRON community can now benefit from easy access to the world's fastest-growing, regulated dollar digital currency. 
Read Full Story
Sponsored Post

Layer-1 Platforms: A Framework for Comparison

The Block Research was commissioned by Algorand to create Layer-1 Platforms: A Framework for comparison, which provides a “look under the hood” at seven platforms: Algorand, Avalanche, Binance Smart Chain, Cosmos, Ethereum/Ethereum 2.0, Polkadot, and Solana. We assess their technical design, related ecosystem data, and qualitative factors such as key ecosystem members to get an understanding of how they differ. Having done this analysis, we draw some insights for what the future of the broader smart contract landscape could look like for years to come. 
Read Full Story
Aug 11, 2021, 5:18PM UTC