On July 15, dozens of celebrity accounts with millions of followers started tweeting a scam. Entrepreneur Elon Musk, Democratic presidential candidate Joe Biden, rapper Kanye West, former boxer Floyd Mayweather, or Apple and Uber officials said they were going to return in duplicate everything they got in bitcoins. There had been other hacks on Twitter , including the account of its founder, Jack Dorsey. But nothing is ever that massive. Twitter’s reaction was drastic: for a couple of hours, no verified account could post a message.
Since that day, a trickle of information has appeared, both official and media and expert speculation, indicating the origin and part of the magnitude of the problem. The most important detail is that, despite the feeling of sinking that there was in the company, the attack occurred in the middle of an operation launched by some twenty-something organized in a forum where all kinds of accounts and hacks are traded .
The day before the hack, a certain Kirk wrote in a Discord platform chat to another user: “I work on Twitter, don’t tell anyone, seriously.” Whether or not Kirk worked on Twitter, he somehow had access to the company’s internal dashboards. His goal was to offer to retrieve suspended accounts with his access to company tools or to do business with accounts called OG ( original gangster ), which are those with names of one or two characters, which gives a lot of cache in certain environments. For example, one of the founders of Twitter uses @ev, which is actually his name: Evan Williams.
The next day, before the celebrities started tweeting the bitcoin scam in the afternoon, the youth operation to grab the coveted accounts was underway. Some particularly valuable ones like @L, @ 6 or @W changed ownership, according to cybersecurity specialist Brian Krebs. The @ 6 account belonged to the late hacker Adrián Lamo, who became famous for betraying Chelsea Manning, the former military man who provided military information to Wikileaks and served time for it. Lamo’s father had left control of his network accounts to a friend of the deceased who that day said that someone had tried to hijack the account.