Twitter hackers shifting money in Bitcoin wallets leave trail
Hackers gained access to the Twitter accounts of executives including Amazon.com Inc. Chief Executive Officer Jeff Bezos and Tesla Inc. Founder Elon Musk, asking users to direct Bitcoin to one of three different accounts
Whoever is behind the security incident involving some of the most prominent business and political leaders on Twitter -- a scam that raised about $120,000 worth of Bitcoin -- is shifting the spoils around online accounts, creating the beginnings of a digital paper trail that investigators are scouring for clues.
Hackers gained access to the Twitter accounts of executives including Amazon.com Inc. Chief Executive Officer Jeff Bezos and Tesla Inc. Founder Elon Musk, asking users to direct Bitcoin to one of three different accounts, said Tom Robinson, co-founder of Elliptic, which helps law-enforcement agencies track Bitcoin-related crime.
Bitcoin offers users a degree of anonymity, making it a popular vehicle for criminal behavior. But investigators can glean valuable information in cases where the cryptocurrency is moved to accounts, or wallets, that have carried out transactions with certain U.S. exchanges or services. That's because U.S. exchanges typically take pains to verify user identity.
“Sharing this information fast with the authorities worldwide and with companies from the ecosystem, will help us stop the stolen funds and find more info about the attackers,” said Itsik Levy, co-founder of Whitestream, a Bitcoin researcher.
The attackers received just over 400 payments, valued at $121,000, according to Elliptic. The largest payment came from a Japan-based exchange, and totaled about $42,000.
Soon after they were initially collected in the three accounts, the funds started moving around. About $65,000 of the $120,000 quickly moved to other Bitcoin addresses, one of which has been active in the past and has transacted with a U.S. exchange, Robinson said.
Of the amount moved, about $60,000 was directed to a Bitcoin address that has been active since May, Whitestream said. That address had interacted with Coinbase Inc., the largest U.S. crypto exchange, as well as payment processors BitPay and CoinPayments, Whitestream said. Coinbase declined to comment. BitPay and CoinPayments didn't immediately return requests for comment.
The money that was initially collected in three Bitcoin addresses has now been moved to 12 new addresses, according to Elliptic.
The U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) issued an advisory Thursday saying crypto exchanges and other financial institutions should report any suspicious activities related to the hack as soon as possible. New York Governor Andrew Cuomo said the New York Department of Financial Services will investigate the incident, and, according to Reuters, the Federal Bureau of Investigation is also on the case.
Read more: Twitter Hack Snags Obama, Biden, Gates Accounts in Bitcoin Scam
Discovering the perpetrators could still take time and prove challenging.
“It depends on what they do next, it depends on how they try to cash out,” Robinson said. If they try to use a regulated exchange in the U.S., finding them will be easy. But if they try to cash out through one of the hundreds of small, unregulated exchanges, that could be harder, he said.
“They are obviously sophisticated in that they didn't send these funds directly to an exchange to cash out,” Robinson said.
About a quarter of the funds the hackers acquired came from accounts tied to North America, and more than 50% from accounts in Asia, according to Elliptic.
While Bitcoin is supposed to be difficult to track, a number of tracing firms have sprung up to help law enforcement. Exchanges and other providers have begun collecting more information on their customers. So law-enforcement agencies have been able to track stolen Bitcoins many times in the past.
Aside from prominent political and business leaders, the attacks also affected many crypto companies like the Gemini exchange. The hacked accounts promised to double the amount of money sent to their Bitcoin address.
Coinbase has begun blocking its users' payments sent to the hackers' accounts. “We are essentially blacklisting addresses as we see them posted in the scam tweets,” said Elliott Suthers, a spokesman for Coinbase.
Gemini also blocked the attackers' accounts, according to a Gemini spokesperson.
Another reason Bitcoin is an attractive target for scammers is that it can be used worldwide. While Bitcoin's price dropped at the beginning of the Covid-19 pandemic, it has since recovered, and is up roughly 30% since the beginning of the year.
Written by Olga Kharif.
Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.