Yesterday, a number of high-profile Twitter accounts started advertising a 2-for-1 offer on Bitcoin:
Shortly after, Twitter Support highlighted that they were aware of a security incident and were investigating.
The same text was used across a significant number of other users on Twitter, and a search for the bitcoin address yielded a number of similar or exactly the same message across hundreds of accounts, including @Apple (who have never tweeted), @JoeBiden, @BillGates and many others.
The tweets were subsequently deleted, but not before the messages had been seen by a large number of users. Over $115k has been paid to that account in the last few hours, although it has since been siphoned off into other accounts. Subsequent versions of the scam used slightly different bitcoin addresses as Twitter was deleting those tweets that contained the BitCoin account.
In the early stages of the attack, Twitter temporarily disabled verified (blue tick) accounts from Tweeting, giving error messages when those users attempted to tweet. This was a crutch to prevent the scam from going faster; however, all verified accounts (whether or not they had been used for this scam) were affected. This has a number of ethical implications; for example, the national weather service for Illinois was unable to broadcast its tornado warning on Twitter because it was blocked, although it has now been able to do so.
Since a number of the accounts used were known to have multi-factor authentication enabled, the question of how the attack took place became the focus of @TwitterSupport. They detected a co-ordinated social engineering attack on their employees which was then used to gain access to internal tools that made such tweets possible. The (internal) accounts used in the social engineering attack were terminated, which has prevented a more immediate escalation of the problem, and an urgent action to limit the tools' availability to employees was made.
At the current time, verified accounts appear to be able to be tweeting again, but some of the high profile accounts used in the original attack may be still locked pending verification of the handle's ownership.
It is perhaps fortunate that such an attack was limited to the intersection of those who follow high-proflie accounts such as Elon Musk and those who have BitCoin knowledge, but that more damage wasn't taken. Given the fact that politics worldwide is in stress due to the Coronavirus and the upcoming elections later this year in the United States, such an attack could have resulted in a lot worse consequences.