The Twitter accounts of Barack Obama, Jeff Bezos, Joe Biden, Elon Musk and many other high-profile people and companies became pawns Wednesday in one of the most visible cyberscams in the internet's history.
Suspected Bitcoin scammers grabbed control of accounts belonging to the rich and famous, as well as lower-profile accounts, for more than two hours during the afternoon and tricked at least a few hundred people into transferring the cryptocurrency.
A tweet typical of the attack, sent from the account of Bill Gates, the software mogul who is the world's second-wealthiest person, promised to double all payments sent to his Bitcoin address for the next 30 minutes.
"Everyone is asking me to give back, and now is the time," the tweet said. "You send $1,000, I send you back $2,000."
Similar tweets appeared on the accounts of rapper Kanye West and investor Warren Buffett and corporations including Apple, Wendy's, Uber and the money transfer app Cash.
Twitter said Wednesday night that it was likely "a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."
"We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf," the platform said.
It froze the the ability of verified accounts to tweet for nearly three hours as a precaution.
Compromised accounts remained off-limits for their owners as Twitter tried to get to the bottom of what happened, it said.
"Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing," Twitter said.
Earlier in the day Twitter CEO Jack Dorsey weighed in.
"Tough day for us at Twitter. We all feel terrible this happened," he tweeted. "We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."
The FBI's San Francisco office said it was aware of the incident.
The tweets began showing up sometime after 3 p.m. Eastern time, and the attack appeared to be continuing on scores of Twitter accounts more than two hours later. It wasn't immediately clear why Twitter wasn't able to shut the attack down quickly. At around 6 p.m. ET, Twitter appeared to stop verified accounts from tweeting as the company tried to slow the spread of the scam.
The temporary shutdown of verified accounts had the collateral effect of halting some government agencies' ability to communicate with the public. Official Twitter feeds for the National Weather Service, for example, were silenced even as there was a tornado watch in Illinois.
The Biden campaign said in a statement that Twitter locked Biden's account immediately and removed the related tweet. "We remain in touch with Twitter on the matter," the campaign said.
Some people were complying with the scam requests, according to the public register of Bitcoin transactions. The Bitcoin address linked in the tweets was quickly inundated with more than 200 instances of people sending it money, adding up to more than $115,000.
Other people on Twitter called out the tweets as obvious scams. Many tweets were deleted after several minutes, but in some cases similar language appeared from the same accounts later on. Musk's account continued to tweet out the Bitcoin solicitation hours after the attack began.
Rachel Tobac, the CEO of cybersecurity firm SocialProof Security, said the attack was likely the largest Twitter had ever seen.
"I'm surprised Twitter hasn't gone completely dark to prevent misinformation campaigns and political upheaval," she said in a text message. "We are lucky the attackers are going after bitcoin (money motivated) and not motivated by chaos and destruction."
It's not uncommon for individual Twitter accounts to be compromised, but the scale of Wednesday's scam easily overshadowed previous breaches.
The attack was unusual for how many Twitter accounts were compromised and for how long. Hundreds of accounts tweeted out identical language.
Kelley Robinson, a security advocate for Authy, a company that provides two-factor authentication, said the scale of the attack indicated that the hackers had gotten administrative access at Twitter itself.
"It's really unlikely that Bezos, Musk, and especially Biden all had credentials compromised," she said in direct Twitter message.
Some of the accounts have huge followings. Gates' has 51.1 million Twitter followers, while Musk's has 36.9 million. Apple's account has 4.5 million.
Shares of Twitter fell 3 percent in after-hours trading.
Cryptocurrency investors Cameron and Tyler Winklevoss, who are brothers, said from their Twitter accounts that they believed all major Twitter accounts in the industry had been compromised and were tweeting about a fake partnership.