On July 15, 2020, Twitter experienced the largest security breach in its history when hackers compromised internal administrative tools and took control of accounts belonging to some of the world’s most prominent individuals and organizations. The hijacked accounts, including those of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Apple, Uber, and the official Bitcoin account, were used to post messages promoting a Bitcoin scam.
The fraudulent tweets followed a common pattern, promising to double any Bitcoin sent to a specified address. A typical tweet read: “I am giving back to my community. All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000!”
The attackers collected approximately 12.86 BTC (worth roughly $121,000 at the time) from victims before Twitter locked down the compromised accounts and temporarily prevented all verified accounts from tweeting.
The breach was traced to a social engineering attack on Twitter employees with access to internal tools. In July 2021, Graham Ivan Clark, a 17-year-old from Tampa, Florida, was sentenced to three years in prison after pleading guilty. Two co-conspirators, Nima Fazeli and Mason Sheppard, also faced federal charges.
The incident brought renewed attention to Bitcoin’s role in online fraud, but also demonstrated the transparency of the Bitcoin blockchain — the scam addresses were immediately identified and tracked by the community. The hack highlighted both the vulnerabilities of centralized social media platforms and the traceability of on-chain Bitcoin transactions.