Twitter has said that about 130 people were targeted in a cyberattack that took control of high-profile accounts to promote a bitcoin scam.
The hackers received $121,000 from over 400 payments to three separate bitcoin addresses, according to blockchain analysis firm Elliptic. Roughly half of those payments were made from U.S.-based cryptocurrency exchanges, Elliptic added.
“Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident,” the social media firm tweeted.
“For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.”
The hack, which took place on Wednesday, compromised the accounts of several prominent figures in business and politics.
Tesla CEO Elon Musk, Amazon boss Jeff Bezos, Microsoft founder Bill Gates, U.S. presidential candidate Joe Biden and former President Barack Obama were all affected, as well as the corporate accounts of Apple and Uber.
The accounts were seen posting tweets trying to persuade people to send them bitcoin, with the promise of sending back double the funds in return.
Previously, scammers have used the names and profile pictures of people like Musk to lure people into sending them cryptocurrency. But on Wednesday, all of the accounts involved were genuine and belonged to the people targeted.
“These attackers were the equivalent of stealing a McLaren F1, taking it for a joyride and then crashing it into a telephone pole 4 minutes later,” Alex Stamos, former chief security officer of Facebook, told CNBC’s “Squawk Box” on Thursday.
“There is so much more damage that could have been done.”
Twitter said it believes the hack was a “coordinated social engineering attack” on its employees — in other words, insiders at the company were tricked into handing over access to internal systems and tools.
“The biggest area of risk for almost any company is the insider threat,” said Stamos. “To operate your business, you have to provide data and access to thousands and thousands of employees.”
On Thursday, Twitter said it was “working with impacted account owners and will continue to do so over the next several days.”
“We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred,” the company said.
It’s not clear how much control the hackers had over the profiles they compromised — for instance, whether they gained access to users’ direct messages and other sensitive information. However, the company said there was no evidence the attackers accessed users’ passwords, adding: “Currently, we don’t believe resetting your password is necessary.”
The FBI is looking into the attack, according to The Wall Street Journal.
A Twitter spokesperson said the firm had nothing further to add.