An unexpected hero has emerged from the hack of high-profile accounts on Twitter last week: Cryptocurrency exchange Coinbase Inc. said today it prevented more than 1,000 customers from sending bitcoin to accounts operated by those behind the hack.
In the hack of Twitter Inc., dozens of “blue checkmark” accounts, including those of former President Barack Obama and Tesla Inc. Chief Executive Officer Elon Musk, tweeted scam messages that said that if people sent $1,000 in bitcoin to a bitcoin address, they’d be sent $2,000 in bitcoin in return.
Although most people would immediately identify the tweets as being an outright scam, some fell for it given the credibility of the account holders seemingly making the tweets.
Those behind the hack are estimated to have received $121,000 in bitcoin payments, but the figure could have been higher, given that Coinbase blocked just over 1,100 customers from sending a total of 30.4 bitcoin, worth $278,000, to the scam accounts.
“We noticed within about a minute of the Gemini and Binance tweets,” Philip Martin, Coinbase chief information security officer told Forbes. Bitcoin exchanges Gemini and Binance were targeted before Coinbase. Martin added that only 14 Coinbase users were able to send around $3,000 in bitcoin to the scam bitcoin address before Coinbase blacklisted it, preventing other users from sending bitcoin payments to it.
Both Binance and Gemini, along with Kraken also told Forbes that they also stopped payments going to the address but their users did not attempt to send anywhere near the volume of bitcoin payments that Coinbase users did.
Bitcoin payments and transfers can all be tracked and traced on the bitcoin blockchain and that’s exactly what some are doing with the funds scammed via the Twitter hack.
Blockchain analytics firm Elliptic told The Block that some of the stolen bitcoin has moved to some exchanges and bitcoin mixers like Wasabi wallet. Bitcoin mixers are let users mix their coins with other users in order to obscure the trail back to the funds’ original source. So far 2.89 bitcoin, or 22% of the bitcoin gained from the scam, has been sent to Wasabi wallet.
In other cases, small amounts of the stolen bitcoin have also been found to have been sent to or through leading exchanges BitPay and Binance. In the case of BitPay, the equivalent of $25 from one of the Twitter hacker’s addresses was detected being paid to BitPay merchant, while Binance detected the equivalent of $10 in bitcoin being sent to a hosted wallet. In both cases, it’s believed that those behind the attack are attempting to confuse blockchain researchers.