1,428 comments

[ 7.8 ms ] story [ 965 ms ] thread
This must be a twitter exploit. Just too many high profile accounts have been pushing out scams at the same time.
You'd think a 0day like that would be worth much more than the BTC they're going to receive.
Lots and lots of crypto accounts hacked. Either Twitter is hacked or some automated tweeting system has a 0day.
My bet is on some kind of client/marketing platform that all these accounts gave write permission to.

Edit: I stand corrected, many other comments mention that the offending tweets appear to be posted from the web app, so this suggests an issue within Twitter itself.

Some of these are really high profile hacks (Biden/Obama for eg). I'm wondering if its a silly twitter authentication bypass.
(comment deleted)
Top crypto currency accounts compromised
With the way that Elon tweets normally, someone could have done a lot of damage before anyone realized. Luckily markets have closed already.
There are quite a lot of trading bots that base their trades off high impact twitter accounts. I wonder how they would've reacted to this.
That sounds like a... high variance idea.
Elon Musk as well. Tweets still up, saying "Feeling greatful, doubling all payments sent to my BTC address!

You send $1,000, I send back $2,000! Only doing this for the next 30 minutes."

As of now, 121 people have sent cash totally more than 2.5BTC.

Edit: Just seen @BillGates compromised as well, same bitcoin account.

Edit 2: Elon's tweet seems to be getting removed, and then reposted again shortly after. About $40k sent so far.

Edit 3: Interesting to watch - on both accounts, tweets seem to be deleted and then reappear as pinned a few mins later.

Tweet is down now, but still in Google's cache.
They are reposting the same message on the hacked accounts again. This is a coordinated Twitter hack.
One thing we know now is that Twitter can take tweets down really quickly if they want.
> As of now, 121 people have sent cash totally more than 2.5BTC.

Fool and his money are soon parted.

We don’t know how much of that is the attacker sending himself to make it look legit.
Yeah, but they're incurring transaction fees…
Baiting the line isn't always free.
Fools, or people doing it for the lols
To be fair this does seem like something Elon would do
Where did you get the 2.5BTC number from?

It's more like 1.3BTC by looking up the address on their website.

https://bitref.com/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wl...

Edit: I stand corrected. Holy crap!

Those are both tiny sums anyway.
2.5 BTC = $23,000
Right, an inconsequential amount.
Don't know why you're getting downvoted here. The after hours moves in TWTR and TSLA (assuming they're mostly attributable to the hack) absolutely dwarf the amount collected by the hack itself. TWTR has shed about $643 million in market cap, TSLA $2.4 billion.
Why would an after-hours move of less than a percent in $TSLA be attributable to this hack?
A bug bounty policy that would have paid out $50k for a vulnerability like this could have prevented all this mess.

A huge impact just to steal (relative) peanuts.

Right, total about $55k received so far. Big numbers, sure, but probably not worth the heat you'd receive with going after such prominent accounts.
That explorer probably does not count unconfirmed transactions.
(comment deleted)
I've seen several live streams on youtube that replay spacex launches and display the same offer. Viewership goes up during actual launches. The one I found had 10k active viewers and the address they linked to had brought in 2btc in under an hour.
They do often supply some coins to themselves to create the illusion that there is activity.
I few weeks ago I saw two with 50k each...

Google has to step up it's game because their platforms aren't safe anymore.

That's like blaming the post office for chain letters.
Not really, the post office would actually do something if you said "this person is sending scams through your system". They'd do a lot more if 100 people walked in saying the same.

Google does nothing despite thousands of people reporting it.

It's bizarre how they ban completely innocuous stuff and allow the blatant scams to continue despite it being drawn to their attention though reports and twitter constantly?

I'm amazed that accounts at the scale of Elon and Bill Gates weren't locked down within moments. They've been reposting these for at least 30 minutes.

What is going on that Twitter didn't get them locked ASAP?

Also all of Apple's tweets deleted, and now posting the bitcoin thing as well: https://twitter.com/Apple/status/1283506278707408900

> What is going on that Twitter didn't get them locked ASAP?

I don't think Twitter itself knows yet.

Honestly, we should be relieved if thats all that was stolen. A more sophisticated attack would involve OTM puts on TSLA and a tweet along the lines of: "finding major defects in Ys and 3s. shutting down all lines to reconfigure for a week"

That could have netted the attackers millions.

Easier to trace, higher monetary investment etc. This they can likely get away with without risk of losing a big investment.
On TSLA? You can probably blend in with all the YOLOers on /r/WSB.
(comment deleted)
Yeah, buying out-of-the-money options is a dumb way of insider trading in general, but on TSLA specifically you might could get away with it. Just don’t make your first trade right before you post to Elon’s account.
Not that it changes your point, but hacking Musk's account to tweet wrong info about TSLA would be fraud, not insider trading, since they're not actually an insider. Either way, OTM options is a dumb way to profit on fraud or insider trading.
Profiting from fraud or insider trading is dumb already. Might as well get the most bang for your buck and leverage your scam to the tits.
That's way riskier though. There's a reason they are using BTC.
It would be also much easier to track. Significant gains this way would not go unnoticed.
Are you sure? TSLA is the most shorted stock in the US. I think it would be easy to blend in with the crowd.
They were talking about Twitter stock, not Tesla.
Do you know they haven’t shorted twitter? Lots of ways to play this game.
"Hacking Elon’s Twitter account and using it for a crypto scam rather than a stock-trading scam shows a complete lack of imagination" - Naval

https://twitter.com/naval/status/1283507218294292481?s=19

I disagree, a stock-trading scam would be way easier to track than crypto.
$20B of TSLA is being held short right now. How in the hell would the SEC discern you from any other Robinhood trader holding TSLA puts?
I'd wager the list of folks who: -hold a meaningful enough short position for a potential attack to be worth, say $500k or more (not a rando robinhood trader with a $200 put) -are not an existing bank or long term day trader

is already quite small, and could be quickly prioritized based on how anomalous the trade was, other flags (foreign national, software engineering babckground). I suspect the SEC could get to a workable list of 50 prime suspects reasonably easily.

There are people on /r/wallstreetbets who are blowing up 100k accounts on TSLA puts on Robinhood. On the front page of /r/wsb right now the 3rd highest post is someone who has lost 30k gambling on TSLA.

Even betting 20k would have probably netted you more than what was gained via BTC and you would still be indistinguishable from RH day traders.

this is the first thought that popped into my mind when hearing about it. Why are you quoting tweets as a reply on HN?
Are we certain that Twitter's share price won't be affected?
I can't find the tweet now, but Tavis Ormandy once talked about companies share prices often rebounding after a breach, so he was buying stock in companies that got hacked. Equifax was an example, I think.
An egregious example at that.
It's called "buying the dip" and it's not specific to hacks; it happens on all kinds of bad news.
It already is around $1.4 from the close on heavy volume. It's pretty clear that they have a major problem.
The popularity of Naval is something I fail to understand.
He was an investor of ours, and among the most useful. There was rarely a founder/investor issue he hadn't run into, or knew someone who had. That sort of help is invaluable to founders, especially given his experience and everything he knows about both raising, and building a company. He's really solid.
Fortune cookies syndrome, it affects millions.
What is that? I googled it and I didn't see anything, am I being stubborn?
Just guessing: fortune cookies are bite-sized tautologies, but people still eat them.
I guess he’s saying dishing out clever aphorisms is similarly like the sayings in fortune cookies.
Basically when someone says something vague enough to apply to many situations and people who hear it think he's telling the future.

"You will need clarity to deal with upcoming personal conflicts."

You get in a argument with your friend/spouse/partner/coworker, the fortune cookie sounds prophetic

Pseudo-philosophical vague sayings that appeal to the masses.
Here are a few I just invented to mimic these pseudo philosophers (modern day VC charlatans):

Tomorrow is a mist. Today's the sunshine.

Make the world better by building something anything today.

Build shit. Ship shit. That's all there is to success.

----- I almost feel like these Twitter personalities like Balaji, Naval, Chamath are the VC equivalent of Shia Lebouf. They became popular by shouting out loud. I have no idea why they matter at all in the computer science industry.

Going by your examples- I'd hazard you have a problem with a certain demographic. They are as free to post what they like- like you do. Don't be salty if people see through your shit and value theirs.
>>I have no idea why they matter at all in the computer science industry.

What is the computer science "industry"? To the extent that such a thing exists, I suppose you are talking about people who have directly made money by creating software (Chamath), or invested in companies which made money (Naval and Balaji). How can any industry exist if no money is ever made?

And whom do you propose people follow instead? :-)

With Balaji Srinivasan it is even worse. He is open supporter of Modi current prime minister of India(BJP party) and supports caste system. My advice is if you are not from upper caste(brahmins) do not waste your time with him.
(comment deleted)
Naval is wrong because fiat will be harder to launder while bitcoin is borderless censorship-resistant money.
In a stock scam it is already laundered, because there is no direct flow.
Market surveillance is much better than most people realize. The accounts making money on a scam like this would be identified, filtered for anomalous activity, and the people at the other end investigated.
They might be, but the money nevertheless is pretty clean (has an acceptable origin).

The way around this is to leave no traces of the hack or to cash in using another person.

I'd imagine picking a highly volatile stock with a lot of wallstreetbet bros in it, like TSLA, would serve to helpfully obfuscate your trades and their relationship to the hack.
Exactly, anything with lots of FD volume from autists to provide cover
How would it be harder to launder? You bet on a Tesla stock drop. That's perfectly legal. Musk tweets some bad news, and says he was hacked, but that doesn't mean you hacked him.
True, but it makes you a suspect for further investigation.
It's almost like people think he has some magical insight into to everything when really he's just a VC with severe survivorship bias.

The idiot has never hacked a thing for profit in his life.

Assuming the ultimate purpose for the hack is a crypto scam shows a complete lack of imagination.
Or SPX puts, /ES futures, etc and a tweet from a certain political account...
The hacker could have puts on Twitter as well. The Bitcoin scam might be just a cover / distraction so it looks like an unsophisticated hacker while the real money might be made with options contracts.
Yeah.. seeing twitter's drop thats definitely possible and pretty imaginative. but, twitter's drop wasn't that sharp. also, running this after hours means the options markets are closed and putting on a big short position can be super risky since there may not be a huge amount of liquidity to cover your position, then you'd have to sit on it overnight.
What makes you think they have not bet on stock as well?
Couldn't market-traded options be rolled back in the event of a hack, though?
My crazy theory: the real attack is on the Twitter stock price and the bitcoin is a distraction.
Then why not go big and hack @realDonaldTrump?
Nobody want a drone over their head.

seriously, this hackers are not so imaginative.

Hacking a former president and presidential candidate.... not really that far of a jump.
I assume each of his tweets have to be approved manually by some employees somewhere considering a hacker could start a war with his account.

Would make sense to have something like this for @jack, too — could explain why his bio was changed but he didn't tweet.

I think his bio always said #bitcoin. He owns the cash app.
It make no sense, the market was closed by the time of the attack. And they have started with bitcoin exchanges, not with the high profile accounts.
You can trade after hours but I really doubt that was the purpose.
Not enough volume so you can't blend in with /r/WSB that way
It makes potential sense in fact.

If this rocks Twitter to its foundation as a trustworthy platform, it's the end of Twitter as far as prominent figures being willing to utilize it. If Twitter loses its prominent figures edge, it's all coming down. Twitter has nothing else, it's mostly a broadcast platform for elite people in terms of where the extreme majority of all of its value is produced.

That said, that outcome is far-fetched. The content that was Tweeted appears to be far too benign to accomplish that outcome. The attackers seem to have intentionally avoided Tweeting anything particularly dangerous. If they were trying to ruin Twitter, they would have used the accounts to do something far worse, that would terrify prominent figures away from using the service.

I think they had one target in mind, to go after their DMs, and hit lots of accounts as a cover to hide which one was the primary target.

They could have just bought puts on twitter as it is currently down 4% after hours.
Now _this_ may be the real con! A much better idea.
It's not 100% guaranteed though; Tesla stock is odd. And it might be possible to people short selling who timed it exactly right.

This "scam", while crude, will probably not result in any loss and it would be much harder to catch them

(comment deleted)
The attack didn't start until after the markets closed.
they could have bought puts expiring tomorrow a few days ago
This is the route I would have taken, but not with OTM puts. It’s far easier to let the stock tank, then buy up calls knowing that the reason is bullshit, and wait for the price to recover and sell.

You will blend in perfectly because you have an alibi for why you are buying so many TSLA calls.

And when you buy an OTM put, it’s hard to predict what a good price would be exactly. How far do you think the stock would drop? With a call you could be fairly more confident it will return to a previous level.

That said, this kind of attack requires you to have a good amount of capital on hand, so you need to be a fairly independently wealthy hacker.

The SEC would be able to trace the trades, and the person would be busted. Bitcoin allows them to remain anonymous.
I would argue it's kinda the opposite. With some trades, the SEC knows who you are but there's no direct connection from your transaction to the hacking, so you're free to do whatever with the money and if your trade is this small it'll probably blend right in.

With Bitcoin, sure nobody knows who owns this account, but the blockchain will store every transaction this account and future accounts make, so trying to actually use the Bitcoin is a fair amount harder.

Sounds like "committing suicide" in a US super max with extra steps.

Golden rule is you don't steal money from rich people, only poors.

It would be ridiculously easy to track down those puts and narrow them to a possible hacker. Authorities would find them in hours.
Presumably, there was a fake BTC address to go along with that tweet? Otherwise I assume Musk would just return any money...
Haha, I apologise in advance, but for some reason, the tone of your post just made me chuckle. It just had an amusing sort if naivite'. It was most likely the hacker's own BTC address.
Yeah, I think I just had a brain-fart moment there
They could have inconspicuously joined the numerous TSLA shorters and made 100x that with one tweet
This strategy would require having money to begin with. It's a pretty big assumption that hackers have any money. If they had money, they wouldn't have to be hackers.
And it would need to be a relatively small bet compared to your total net worth to avoid detection by the SEC and the hack could fail at the exact time Tesla had a 20% pop leaving you underwater
Whatever hack you have that can take a verified account over with 2FA is worth some money... you could sell access to any account with this bypass...
Deep out of the money options are generally cheap and can have enormous returns.
My bet is that some Tweet posting API is missing a critical authentication check or the hackers found a way to bypass this check.

I doubt someone could individually hack all these accounts.

I mean why can they not stop the api? Why not just switch it off for a few minutes and figure out what is happening?
They would need time to figure out which API endpoint is affected. Twitter is not going to shut down everything just because one endpoint has a possible issue.
Barack Obama, Wiz Khalifa, Joe Biden, Floyd Mayweather as well
And just as I checked it, they pinned this tweet (an hour later)--

Elon Musk @elonmusk·38s

I am giving back to my community due to Covid-19!

All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000!

bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh

Only doing this for the next 30 minutes! Enjoy.

Joe Biden too. “He was ‘giving back to the community’” if you sent him money. They tailored the messages pretty well, I have to say.

Bezos “was maxing out at 50MM”!!

It's a sidenote, but it's so strange that that would be pocket money for him; just like donating 10$ for us. Gives you a sense of scale.
Partial list of hacked accounts here, https://twitter.com/Justin12393LEE/status/128349844588658688...

Mentions: - Bitcoin - Coinbase - BINANCE - CZ_Binance - Gemini - Kucoin - Gate .io - Coindesk - Tron - Justin Sun - Charlee Lee

Those are some big names. I got notified about Elon and bill gates, figured there was some large scale hack. Crazy times
This must be a shot over someone's bow.

Edit: Or a trading play? That would have taken place while the markets were open, though. TWTR after-hours trading is off 3% on the news.

So many accounts are affected, this seems to be a system-level hack rather than a compromise of individual accounts.

Someone has found a way to post a tweet from any account they like?

Some folks are saying some of these accounts had 2FA, so can be the case but I guess if it was a system thing, we might have seen tweets from more prominent accounts.
You would think they would do something with Trump if it was arbitrary accounts. But maybe his has additional protections
They're clearly trying to avoid the risk of being tracked. For example, they could have done stock manipulation and made more money. Trump is someone with the power and craziness to spend a hundred million tracking you down and literally dropping bombs on your head. So it'd be poor risk management to go after his account.
I agree, but only until the bombings, I mean he's the most anti-war president in living memory.
He killed a general from an opposition nation state...
https://www.nytimes.com/2017/04/13/world/asia/moab-mother-of...

> President Trump has bestowed additional authority on the Pentagon in his first months in office, which the military has argued will help it defeat the Islamic State more speedily. Mr. Trump did not say whether he had personally approved Thursday’s mission.

> “What I do is I authorize my military,” Mr. Trump said after a meeting with emergency workers at the White House. He called the bombing “another very, very successful mission.”

I think we can imagine being more anti-war than Trump.

Do you remember Jimmy Carter? Being anti-war means deescalation, diplomacy and solving problems without violence.

One theory is it's a tweet scheduling platform, rather than Twitter itself that was hacked.
No. Clicking into a tweet shows you which app was used to post it. https://help.twitter.com/en/using-twitter/how-to-tweet#sourc...

These tweets are showing up as being posted from the Twitter web interface.

Tweets posted through Twitter's ads platform, even non-ads scheduled tweets, will show up as normal twitter web posts.

And approved partners can use the corresponding API to post this way.

I've not checked twitter api docs but I've seen stuff like "Posted from: Zombo smart fridge" and was under the impression an app could fill that field in with whatever they like.
But is it necessarily true that the authentication token was generated with the same app used to post the tweets?
Its not hard to fathom that someone who was able to pull off a hack like this could have also found a way to mess with the metadata there.
Idle speculation isn't very helpful.
Parent takes the posted-from metadata as absolute truth.

I say it can't be relied upon when an active & involved hack is underway.

You provide nothing of value. What do you think this entire thread is, but for idle speculation?

It kinda is, if the premise is "they hacked a 3rd party app"
Might be a third party client, browser extension, insider threat... not necessarily a compromise of the Twitter backend.
Suggestion on Twitter is a third-party app that has write access to the accounts was compromised.
I do not think that a 3rd party tweet scheduling program has been hacked, because the tweets say they have been sent by “Twitter Web App”. Maybe the new feature on twitter.com to schedule tweets has a security vulnerability?
Whoever hacked Twitter today definitely got major access to their backend: https://twitter.com/whoisjuan/status/1283502962103455744?s=2...
> Whoever hacked @Twitter today definitely got major access to their backend

Is there any proof Twitter was hacked and not just these two accounts?

- Uber

- Apple

- Bill Gates

- Elon Musk

- Jeff Bezos

- Joe Biden

- Barack Obama

- Michael Bloomberg

- Kanye West

- Wiz Khalifa

- Bitcoin

- Ripple

- Coinbase

- BINANCE

- CZ_Binance

- Gemini

- Kucoin

- Gate .io

- Coindesk

- Tron

- Justin Sun

- Charlee Lee

That seems like someone got full access to the backend, not the accounts per se.

Also worth mentioning that the tweets get deleted but then they get added and pinned again.

Where is the proof someone got access to the backend and not those specific accounts? Seems more likely an API client got hacked, possibly one that high profile people might use like a tweet scheduler, but not Twitter, given their threat profile and resources. That would explain why 2FA accounts were affected.
There's no proof since there's no official incident writeup yet. For now there's just Occam's razor since majority/all of those accounts will be 2fa protected.
Yes. Also, we're about an hour in now, and Musk's account just sent out another tweet after the message had been posted and deleted several times. At this point, if it was just an account compromise, someone would have reset it by now
That's the most likely explanation. I don't see how else can someone compromise all those prominent accounts in a coordinated attack.
- Kanye West

- Barack Obama

> At least some of the compromised accounts have multi-factor authentication enabled, including CoinDesk's.

Interesting. I wonder if it was a SMS hack, and if not, then a new kind of vulnerability?

Is there a way to pin a tweet via SMS? I don't think so... and these tweets are getting pinned.
I believe OP meant that the attackers got access to the account by hacking SMS, thus getting the verification code and legitimately logging in the accounts.
Headline seems pretty editorialized.
Sounds exactly correct to me.
When I posted my comment the title simply read "twitter compromised". I'm not sure if the exact nature of the attack is known, but it definitely wasn't at the time.
No Trump?
I like to imagine that it would trigger some kind of alarm at the CIA/NSA/FBI and have drones surrounding the person's house within a few hours?
Surely a hack of this magnitude would be on the radar of many of those agencies already.
Biden / Obama would fall in that too though?
Perhaps Twitter has additional security around his account? An IP whitelist? Perhaps the President has a special version of the twitter client that includes additional authentication? Twitter is no fan of the current president, but it seems plausible for national security reasons.
Place your bets, phishing or bug exploit. Some of these targets are too high profile to all fall for it and probably have teams that manage these accounts securely. Edit: 2fa was bypassed, interesting. https://twitter.com/tylerwinklevoss/status/12834920178892595...
Sounds like an exploit. The article says that some of the accounts were confirmed to have multi-factor authentication enabled.
> multi-factor authentication enabled

It sure seems like multi-factor auth isn't very helpful, when nearly all hacks have nothing to do with breaking credentials.

> when nearly all hacks have nothing to do with breaking credentials.

This seems like a big claim to make. My understanding is that by far the most common reason accounts are compromised is password reuse combined with another site being compromised.

Sure, I guess that is a wrong assumption on my part.

Perhaps a better way to word it, is: two factor auth only seems to protect you if all the other parts of site authentication are solid, which rarely seems to be true.

Well of course if you exclude all of the attacks that didn't happen because 2fa was enabled, then ya, 2fa won't protect you against the ones that still happen. Lets compare this to.... car safety. Ya, if you get hit head on by an 18-wheeler on the highway, your seatbelt is only going to help you as much as the rest of the safety of the car. But in pretty much every other situation, I would be glad to be wearing my seatbelt.

It's uncharitable to focus on the small slice of situations that something doesn't work in order to deem it useless.

Reminds me of the iCloud phishing hack, a lot of high profile celebrities were hacked that time.
The leaked credentials of an employee at a tweet scheduling service theory sounds more plausible to me on the face of it.
Wouldn't Twitter have locked the affected accounts by now then?
As of your post it would seem to be a 20-30 minute response time. Happening fast it seems.
Betting on inside / direct database access or admin account.
Well then we're royally fucked if all it takes is a single rogue admin at this single, societally ubiquitous company to expose everything and let people fire off false declarations of war on each other or short TSLA and additionally make the entire concept of 2FA meaningless.

This was exactly what 2FA was supposed to prevent, and if this is to be believed then because of Twitter's implementation it was all worth peanuts in the end.

There are just too many eyes on Twitter for their administration to let this happen. Twitter has grown into too big and too valuable of a target at this point, and the moment this happens you can't prevent dumb people from falling for it thirty seconds after it gets posted and starts showing up in their feed.

Then why was it even possible to do this from the inside? What employee access controls did they have on administrative accounts?

I'm thinking they're going to need to dig an underground bunker and have everyone be in the presence of at least three other certified minders when a group of two dozen people at a tech startup are the last bastion of hope in preventing the disruption of global communications.

You seem to be greatly overestimating the level of security at most internet companies. I suspect most companies, even some of the huge tech giants, would be susceptible to a sufficiently privileged rogue admin. Heck, the entire NSA had huge amounts of their most sensitive data accessed by a rogue admin contractor.
I wasn't exactly thinking Twitter was perfectly or at least very secure. It just kind of blows my mind at the thought that they might not have considered that that kind of scenario was possible or the chance of it happening was so remote that... it ended up happening.

Maybe I just didn't want to worry about it seeing as Twitter provides me with some sort of value and did end up overestimating their level of preparedness and such.

I guess continuing to use Twitter anyways means being exposed to that risk at some point down the line.

Not really most sensitive, just their internal wiki. If Snowden would have had access to real sensitive data, the world would look different now.
Being a contractor is not unique - if you read his book, most of his co-workers were contractors on paper.
How many people have admin access to production? That is like a "in case of emergency break glass"-role at best.
Going differently, an internal API for managing accounts was exposed externally or not authorized correctly.
Way too many high profile accounts for phishing
A clear use case of Blockchain for the cryptocurrency detractors \s
This is looking really bad, I wonder what they used to get access to all these high-profile accounts?

It's worth noting these types of blackhat crypto scammers make millions a year from this already, but this is definitely making it a lot worse.

EDIT: Still going on after 30+ minutes, seeing people like Bill Gates tweet crypto scams still. Amazed they got all the crypto exchange too.

And it's not just Bitcoin, they got RIpple too and posted XRP addresses.

(comment deleted)
This is going to be a hilarious postmortem. If we ever see it.
Some reports that this was related to compromised OAuth tokens. How would someone know and what is the source of the compromise? A third party app that all of these accounts use?
Still going on. https://twitter.com/BillGates/status/1283503731682811907 What a disaster this stuff. Wonder how it was done.
It's amusing that the tweets keep coming, get deleted, reappear, get deleted...

I can't help but imagine how any account on twitter would be safe if the Bill Gates', Elon Musk's, and top crypto site's Twitters are compromised.

Pretty safe to assume they are all compromised until there is proof to the contrary.
Partially because it's twitter, I'm completely unable to determine if the responses are hacked accounts, joking, or actual people that sent money.

I suspect the actual numbers and percentages of the whole of each would be surprising...

also all @apple tweets have been deleted lol the hacker already got 6 BTC! this is crazy.