Twitter Hackers Caught Using BitPay and Coinbase on Hack-Related Wallet

Published at: July 16, 2020

The Twitter hackers who compromised more than a dozen celebrity accounts on Wednesday appear to be consolidating their funds to an address that had earlier sent money to BitPay and Coinbase.

According to research from Whitestream, a blockchain analytics company, three transactions originating from the “1Ai5” address lead to wallets associated with Coinbase and BitPay, both of which provide merchant solutions. The legacy address was the first to be offered by the hackers, who later switched to a Bech32 address when targeting non-crypto accounts.

However, the original address is now the consolidation point for all the proceeds obtained through the attack. It received 14.75 Bitcoin (BTC), worth about $135,000.

Three transactions are believed to lead to Coinbase and BitPay. The first involves a transfer of about 1.2 BTC in May 2020, worth about $11,000 at the time. The latter two were sent two days before the hack and are for much smaller amounts.

Notably, the latter transactions are much more sophisticated, as the change address is always of a different type than any of the inputs. This makes them more difficult to trace, though it is possible that the hacker was simply in the process of switching to a Bech32 address.
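The address-type change heuristic that this pattern works against, as an added example that is not from Whitestream or the original article. The addresses are constructed placeholders rather than real wallets, classification is by prefix only, and the three cases are assumptions chosen to show when the heuristic succeeds, abstains, or points at the wrong output.

```python
# Added illustration: the "same address type" change heuristic used in
# blockchain tracing. All addresses are constructed placeholders.

def address_type(addr):
    """Classify a mainnet address by prefix only (no checksum validation)."""
    if addr.lower().startswith("bc1"):
        return "bech32"   # native SegWit
    if addr.startswith("1"):
        return "legacy"   # P2PKH
    if addr.startswith("3"):
        return "p2sh"
    return "unknown"

def guess_change(inputs, outputs):
    """Return the output guessed to be change, or None if undecidable.

    Wallets commonly return change to the address type they spend from,
    so a single output matching an input type is assumed to be change.
    """
    in_types = {address_type(a) for a in inputs}
    matches = [o for o in outputs if address_type(o) in in_types]
    return matches[0] if len(matches) == 1 else None

SENDER = "1ConstructedSenderLegacy"
CASES = {
    "typical wallet": {
        "inputs": [SENDER],
        "payment": "3ConstructedMerchantP2sh",
        "change": "1ConstructedChangeLegacy",
    },
    "change on a new type": {
        "inputs": [SENDER],
        "payment": "3ConstructedMerchantP2sh",
        "change": "bc1qconstructedchangebech32",
    },
    "payment matches input type": {
        "inputs": [SENDER],
        "payment": "1ConstructedMerchantLegacy",
        "change": "bc1qconstructedchangebech32",
    },
}

def evaluate(case):
    """Compare the heuristic's guess with the known (constructed) truth."""
    guess = guess_change(case["inputs"], [case["payment"], case["change"]])
    if guess is None:
        return "undecided"
    return "correct" if guess == case["change"] else "wrong"

if __name__ == "__main__":
    for name, case in CASES.items():
        print(f"{name}: {evaluate(case)}")
```

In the second and third cases the analyst can no longer rely on address type alone and has to fall back on other signals, such as later spending of the outputs.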

According to Whitestream, the first transaction sent a small amount of funds to a BitPay-associated address, while the other two were sent to Coinbase. 

The hackers’ address appears to be clearly traceable for those companies, possibly exposing their identity. It is however likely that these transactions are related to merchant usage, which could make investigations more difficult.

It is also unclear why the hackers used an old address to perform the attack, as it appears to be giving unnecessary clues for the future investigation. Furthermore, given that the hackers owned at least $11,000 before the attack, such a massive account compromise could have been used to publish market-moving announcements. By entering heavily leveraged positions before the tweets, the hackers likely would have made much more money.

Twitter employees getting exploited

As Cointelegraph reported extensively on Wednesday, dozens of Twitter accounts from crypto exchanges and influencers, tech companies, politicians and celebrities progressively fell to the hackers. The accounts published a well-known crypto scam that promised to double the money of anyone who sent Bitcoin to a certain address.

Twitter said that the issue was due to a social engineering attack performed on high-ranking employees with admin access. Through the admin panel, hackers took control of the accounts by changing their passwords and recovery emails.

This is similar to a BlockFi data breach in May, where criminals used a SIM swap attack to gain access to internal customer records.
