A security incident involving some of the most prominent business and political leaders on Twitter duped people into sending at least $120,000 worth of Bitcoin to an anonymous online wallet, and more than half of that total has already been spirited to other accounts, according to a Bitcoin-tracing company.
The person or people behind the scam gained access to the Twitter accounts of executives including Amazon.com Inc. Chief Executive Officer Jeff Bezos and Tesla Inc. Founder Elon Musk, asking users to direct Bitcoin to one of three different accounts, said Tom Robinson, co-founder of Elliptic, which has helped law-enforcement agencies track Bitcoin-related crime. About $65,000 of the $120,000 collected from duped users has moved to other Bitcoin addresses, one of which has been active in the past and is registered with a U.S. exchange, Robinson said.
That money trail could prove useful to investigators in this case, since U.S. exchanges typically go through vigorous verification of user identities, and would probably have information on which name the account is registered under.
About half of the funds the hackers acquired came from users in the U.S., a quarter from Europe and the remainder from Asia, Robinson said.
Discovering the perpetrators could still take time and prove challenging.
“It depends on what they do next, it depends on how they try to cash out,” Robinson said. If they try to use a regulated exchange in the U.S., finding them will be easy. But if they try to cash out through one of the hundreds of small, unregulated exchanges, that could be harder, he said.
“They are obviously sophisticated in that they didn’t send these funds directly to an exchange to cash out,” Robinson said.
While Bitcoin is supposed to be difficult to track, a number of tracing firms have sprung up to help law enforcement. Exchanges and other providers have begun collecting more information on their customers. So law-enforcement agencies have been able to track stolen Bitcoins many times in the past.
Aside from prominent political and business leaders, the attacks also affected many crypto companies like the Gemini exchange. The accounts promised to double the amount of money sent to their Bitcoin address.
Coinbase Inc., the largest U.S. crypto exchange, has begun blocking its users’ payments sent to the hackers’ accounts. “We are essentially blacklisting addresses as we see them posted in the scam tweets,” said Elliott Suthers, a spokesman for Coinbase.
Gemini also blocked the attackers’ accounts, according to a Gemini spokesperson.
Already, as news of the scheme began making headlines, the rate of payments sent to the scam address has slowed down, Robinson said.
“I don’t think they’ll be able to raise much more, to be honest,” he said.
Bitcoin is an attractive target for scammers because it can be used worldwide. While Bitcoin’s price dropped at the beginning of the Covid-19 pandemic, it has since recovered, and is up roughly 30% since the beginning of the year.