Coinbase Blocked Twitter Hackers From Stealing An Extra $280K

Coinbase Blocked Twitter Hackers From Stealing An Extra $280K

Coinbase says that it was able to block its customers from sending approximately $280,000 to the Twitter hackers who, last week, took over high-profile accounts to push a massive bitcoin scam.

The US-based cryptocurrency exchange, home to over 35 million users from 100 countries, blacklisted the Bitcoin addresses used by the scammers within minutes after the attack started.

By doing that, Coinbase prevented roughly 1,000 users from getting scammed and sending 30.4 bitcoins to the Twitter hackers’ wallets.

“We noticed within about a minute of the Gemini and Binance tweets,” Coinbase Chief Information Security Officer Philip Martin told Forbes.

Compared to the total number of people using the crypto exchange for buying, selling, and storing cryptocurrency, “[i]t was a vanishingly small group of Coinbase users that tried to send bitcoin to the scam address,” Martin added.

Even with the Bitcoin addresses blacklisted almost right after the scam started making rounds around Twitter, 14 Coinbase users were still able to transfer roughly $3,000 to the attacker-controlled address.

Without Coinbase’s quick reaction, the attackers would have got their hands on almost $400,000 increasing their “profit” four-fold from the almost $120,000 worth of bitcoins they managed to scam out of their victims during the attack.

Also read: Completed DPIA Example: 7 Simple Helpful Steps To Create

Twitter said after investigating the attack that hackers targeted 130 Twitter accounts after getting their hands on the credentials of a number of employees and gaining access to tools only available to Twitter internal support teams.

The Twitter accounts of multiple tech companies including @Apple and @Uber, several tech executives, celebrities, and politicians such as @JeffBezos, @BarackObama, @elon_musk, @kanyewest, @JoeBiden, @BillGates, and @WarrenBuffett, and crypto exchanges including @coinbase, @Gemini, and @binance are just a small sample of the 130 ones used by the hackers to promote their Bitcoin scam.

“For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets,” the company added. “In addition, we believe they may have attempted to sell some of the usernames.”

“For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our ‘Your Twitter Data’ tool,” none of these being verified accounts.

After detecting the attack, Twitter immediately blocked the hijacked accounts from tweeting and resetting their user passwords.

Three hours later, Twitter restored tweeting functionality to the affected accounts but stated that it might still become unavailable during the ongoing investigation.

The company also said that it found no evidence of the intruders gaining access to the accounts’ passwords and that they will not be reset.

Twitter is continuing the forensic review of all accounts targeted in last week’s attack, as well as the investigation and cooperation with law enforcement.

Also read: 12 brief explanation about the benefits of data protection for business success