Wednesday night’s Twitter hack was not a good look for Bitcoin.
Hackers took over accounts belonging to such well-known figures as Elon Musk, Bill Gates and Barack Obama in an apparent effort to earn income by scamming people out of Bitcoin, a form of digital currency. The scam itself was fairly common, but the fact that hackers were able to use prominent figures’ official accounts to perpetrate the attack is unusual and may have made unsuspecting people more likely to fall victim to it.
While it was the currency used to quickly cash in on the hack, Bitcoin is not really to blame for Wednesday night’s attack. But there are some characteristics of Bitcoin that may make carrying out — and getting away with — such a scam easier than if it had been done by other means. Regulators have previously expressed concern about Bitcoin over its history of use by fraudsters.
Still, experts in the cryptocurrency industry say they think Wednesday’s hack is unlikely to significantly undermine trust in, or adoption of, Bitcoin or other digital currencies.
“It’s certainly not the type of publicity that we want for Bitcoin or any other cryptocurrency,” said Kristin Smith, executive director of industry trade group Blockchain Association. “But it’s really important to realize that this was a hack and the crime is the hack, it’s not the fact that Bitcoin was the desirable prize of this attack.”
Experts say the effects of the attack were likely mitigated by the fact that this was not a new type of scam. Followers of Elon Musk and other major figures may be used to seeing such offers tweeted out in the replies to those celebrities’ tweets.
It’s known as a “Giveaway Scam,” in which hackers encourage people to send Bitcoin to a digital wallet, and promise to send back double the money in return. It’s often done under the guise of wanting to give back to a community or followers, as was the case in Wednesday’s hack. But, instead, the scammer makes off with the money.
Typically, scammers carry out such attacks by, for example, making a Twitter account almost identical to a famous person’s profile — same profile picture, same name and hard-to-detect tweaks to the handle — and responding to one of that famous person’s tweets with the offer, making it look like it was the famous person saying it.
“People see this happen underneath Elon Musk’s Twitter account all the time,” Neeraj Agrawal, director of communications at Coin Center, told CNN Business. “People have already been introduced to this concept of the giveaway scams.”
In Wednesday’s case, though, the offers were coming straight from the (hacked) verified accounts of celebrities.
Challenges of a decentralized system
One aspect of Bitcoin usually lauded as a benefit by adopters is the fact that it’s not controlled by a centralized authority, such as a bank. That means it’s not tied to any government (which could, for example, enact policies that devalue a currency) and users don’t have to trust any one organization to protect their money.
But in the case of Wednesday’s attack, it also means that people who were scammed don’t have anyone to go to for help getting their money back, the way one could go to their bank and ask it to reverse a fraudulent transaction. If a person sent $1,000 in bitcoin to a digital wallet hoping Elon Musk would send them back $2,000, they’re probably out of luck.
“With Bitcoin, you have to understand what you’re using,” Agrawal said. “It’s much more akin to a (physical) dollar bill. If you hand it to someone, it is gone. There’s an increased sense of responsibility you have to have if you’re using it.”
However, there are some protections for Bitcoin owners, including using well-known, regulated exchanges.
Exchange companies Coinbase and Gemini — which were among the first to have their Twitter accounts used in the hack Wednesday — said they quickly put the hackers’ digital wallet addresses on a blocklist when they became aware of the scam, so users wouldn’t be able to send money to those accounts.
“Gemini identified the fraud immediately and added the fraudsters’ addresses to our blocklist in order to prevent our customers from falling victim to this scam,” Gemini said in a statement. “Scams like this are not unique to cryptocurrency, and unfortunately criminals will continue to conduct these scams, whether aimed at stealing traditional money or cryptocurrency.”
Because of the nature of Bitcoin, it could also be hard to determine who was behind the attack even though it’s easy to watch where the money went. Bitcoin wallets each have their own unique code but aren’t always attached to an actual person’s name. It’s not impossible, though (Robert Mueller did it) — bitcoin transactions are recorded on a public ledger that anyone can see, and clues can be found concerning where money from those transactions crosses over into the traditional financial system.
What will this mean?
Industry experts say they don’t expect Wednesday’s hack will lead to a regulatory crackdown on Bitcoin.
“Regulators will look at this and see that there is nothing different that could be addressed through policy than what they’ve been doing,” Agrawal said.
And some industry players say the hack actually points to a fundamental issue with Twitter and other centralized systems, and makes an argument for decentralized systems like Bitcoin.
“We don’t know how this hack happened, but when you have a centralized system where there’s a point of contact that the bad guys can point to and try to get into and penetrate, that’s very vulnerable,” Smith, of the Blockchain Association, said.