
Bitcoin Scammers Exploit Twitter’s Inner Workings in Unprecedented Social Engineering Attack

The cryptocurrency world woke up on July 16, 2020, grappling with the fallout from what security experts are calling the most damaging breach of a major social media platform in history. On the afternoon of July 15, hackers executed a coordinated social engineering attack against Twitter employees, gaining access to internal administrative tools that allowed them to seize control of 69 high-profile accounts and broadcast a Bitcoin scam to millions of followers.

TL;DR

  • Hackers compromised 69 major Twitter accounts including Elon Musk, Barack Obama, and Bill Gates through social engineering of Twitter staff
  • The scam netted approximately 13.14 BTC, worth roughly $120,000 at the time
  • Twitter locked all verified accounts from posting while investigating the breach
  • CrowdStrike co-founder called it “the worst hack of a major social media platform yet”
  • The incident raised serious concerns about platform security ahead of the 2020 US presidential election

How the Attack Unfolded

The attack began at approximately 20:00 UTC on July 15 when hackers first took over accounts belonging to cryptocurrency traders and influencers. Among the earliest compromised was a well-known crypto trader known as AngeloBTC. The perpetrators initially used the access to solicit payments via Twitter direct messages, inviting followers to a fabricated Telegram trading group.

Within minutes, the scope of the attack expanded dramatically. Hackers moved from crypto-specific accounts to some of the most followed profiles on the entire platform. Elon Musk’s account was the first major celebrity account compromised at 20:17 UTC. What followed was a cascade of fraudulent tweets from the accounts of Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Warren Buffett, Kim Kardashian, Kanye West, Michael Bloomberg, and Floyd Mayweather Jr.

Major corporate accounts were also hit, including Apple, Uber, and Cash App. Twitter later confirmed that a total of 130 accounts were accessed, though only 45 were actually used to post scam messages. The vast majority of affected accounts had at least one million followers.

The Mechanics of the Scam

The fraudulent tweets followed a simple but effective formula: send Bitcoin to a specified wallet address and receive double the amount in return, ostensibly as part of a COVID-19 relief effort. While “double your Bitcoin” scams had plagued Twitter for years, this was the first time such messages originated from genuinely verified accounts of public figures rather than impersonation accounts.

According to blockchain analysis by Chainalysis, the attackers used three primary Bitcoin addresses to collect funds. The main one, bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh, received the majority of deposits. All three addresses combined took in 13.14 BTC, valued at approximately $120,000 at the time, with Bitcoin trading around $9,132.

Security researchers noted that the perpetrators operated with a “smash and grab” mentality. Knowing that the intrusion would be detected and shut down quickly, they relied on the sheer volume of followers on compromised accounts to ensnare even a tiny fraction of users in the narrow window available.

Twitter’s Response and the Lockdown

By 21:45 UTC, Twitter publicly acknowledged the security incident, stating they were “aware of a security incident impacting accounts on Twitter” and were “taking steps to fix it.” The platform took the extraordinary measure of disabling tweeting capabilities for all verified accounts, effectively silencing millions of users while the investigation continued.

Password resets were also temporarily disabled for affected accounts. The repeated scam phrases — one particular message was tweeted over 3,000 times within four hours — actually helped Twitter identify and remove the fraudulent content more efficiently.
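The repetition described above is what makes this kind of campaign detectable. The following is an added example, not Twitter's actual tooling or code from the article: it flags any Bitcoin address that several distinct accounts promote with "doubling" wording inside one time window. The account names, post texts, thresholds and `OTHER_ADDR` are constructed assumptions; only `PAGE_ADDR` comes from the article.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Bitcoin address shapes: bech32 ("bc1...") or legacy base58 ("1..."/"3...").
ADDR_RE = re.compile(
    r"\b(bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
LURE_RE = re.compile(r"\bdoubl\w*", re.I)  # "double", "doubled", "doubling"

def find_campaigns(posts, window=timedelta(hours=4), min_accounts=3):
    """Map each address pushed with 'doubling' wording by at least
    min_accounts distinct accounts inside one window to those accounts."""
    hits = defaultdict(list)
    for ts, account, text in posts:
        if LURE_RE.search(text):
            for addr in set(ADDR_RE.findall(text)):
                hits[addr].append((ts, account))
    campaigns = {}
    for addr, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink from the left until the span fits the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            accounts = {acct for _, acct in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                campaigns[addr] = sorted(accounts)
                break
    return campaigns

# Constructed sample posts; only PAGE_ADDR is taken from the article.
PAGE_ADDR = "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh"
OTHER_ADDR = "bc1q" + "a" * 38  # constructed placeholder, not a real wallet
T0 = datetime(2020, 7, 15, 20, 17)
SAMPLE_POSTS = [
    (T0, "acct_a", f"Send BTC to {PAGE_ADDR} and I will double it."),
    (T0 + timedelta(minutes=5), "acct_b", f"Payments to {PAGE_ADDR} are doubled"),
    (T0 + timedelta(minutes=9), "acct_c", f"Doubling all BTC sent to {PAGE_ADDR}"),
    # Warning post: mentions the address but carries no lure wording.
    (T0 + timedelta(minutes=10), "acct_d", f"{PAGE_ADDR} is a scam, do not pay"),
    # Lone account with a different address: below the account threshold.
    (T0 + timedelta(days=1), "acct_e", f"I double coins sent to {OTHER_ADDR}"),
]

if __name__ == "__main__":
    for addr, accounts in find_campaigns(SAMPLE_POSTS).items():
        print(addr, accounts)
```

Keying on the shared payment address rather than exact wording means small edits to the message text do not evade the match, while the distinct-account threshold keeps a single user quoting an address from triggering it.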

Broader Implications for Digital Identity

The breach exposed fundamental vulnerabilities in how centralized platforms manage digital identity and verification. The fact that a social engineering attack — not a sophisticated technical exploit — was sufficient to compromise the accounts of former presidents, presidential candidates, and the world’s wealthiest individuals sent shockwaves through the cybersecurity community.

CrowdStrike co-founder Dmitri Alperovitch described the incident as “the worst hack of a major social media platform yet.” Security researchers immediately highlighted the implications for the upcoming 2020 US presidential election, noting that the same tools used to post Bitcoin scam messages could theoretically be used to spread disinformation on a massive scale.

For the cryptocurrency community specifically, the incident was a double blow. While Bitcoin itself remained secure — trading at $9,132 with a market cap of $168 billion — the association of the world’s largest social media hack with Bitcoin reinforced negative perceptions among regulators and the general public. The scam demonstrated that Bitcoin’s transparency was actually helping investigators trace the stolen funds through multiple wallets, a point that blockchain analysis firms were quick to highlight.

Why This Matters

The Twitter hack of July 2020 was a watershed moment for digital security. It proved that even the most prominent technology companies remain vulnerable to human-centric attacks, and that the verification systems users rely on to identify authentic voices can be weaponized. For crypto, it was a reminder that while blockchain networks themselves may be secure, the human layer around them — exchanges, social platforms, and communication channels — remains a persistent attack surface. The incident ultimately led to three criminal charges by the US Department of Justice on July 31, 2020, and prompted widespread calls for platforms to adopt stronger internal security protocols and decentralized identity solutions.


10 thoughts on “Bitcoin Scammers Exploit Twitter’s Inner Workings in Unprecedented Social Engineering Attack”

  1. social engineering a handful of twitter employees to access admin tools controlling 69 of the most followed accounts on earth. zero day exploits are overrated when humans are the weakest link

  2. 13.14 BTC. that was the take from compromising 69 of the most powerful accounts on earth. the hackers were literally too stupid to capitalize on what they had

  3. 13.14 btc for compromising 69 accounts including obama and gates. the roi on that hack was embarrassing for twitter and the hackers

    1. 13.14 BTC from 69 compromised accounts. the access was worth billions in disinformation potential and they used it for a bitcoin giveaway scam. absolute clowns

      1. billions in disinformation potential and they wasted it on a btc giveaway scam. imagine if they had geopolitical motives instead of just greed

        1. threatintel_ the geopolitical implications were terrifying. if a state actor had that level of access they could crash markets with a single coordinated post from verified accounts

    2. crowdstrike calling it the worst social media hack ever and it netted 120k. imagine having that level of access and fumbling a bitcoin scam

  4. Twitter locking all verified accounts ahead of the 2020 election was the real story. If they could do this in July, what happens in November?

    1. the election was 4 months later and twitter security was still a mess. they got lucky nothing worse happened during the actual vote

      1. Goran T. twitter security was a mess for months after. they didn't actually fix the admin tool access until late 2020. election interference was a real possibility
