More than a dozen verified Twitter accounts, including two belonging to members of Congress, were apparently hacked on Monday as a part of a scam to steal bitcoin.
The scam involved unknown hackers taking over verified Twitter accounts and then changing their display names and profile images to imitate Tesla CEO Elon Musk’s account. The two Democratic members of Congress who were apparently hacked are up for re-election on Tuesday.
Twitter users on Monday morning began noticing bizarre promoted posts that appeared to be from Elon Musk’s verified Twitter account. The posts announced that Musk had decided to resign as director of Tesla and was giving away 10,000 bitcoin. “I decided to make the biggest crypto-giveaway in the world, for all my readers who use Bitcoin,” the posts read in part. A link at the bottom of the tweets took users to a page with instructions to send “0.1 to 3 BTC”—currently valued at about $640 to $19,000—to a wallet in order to verify their addresses. In exchange, the page promises that people will receive “1 to 30 BTC,” the equivalent of about $6,400 to $192,000. The scam wallet has received more than $177,000 as of Monday afternoon.
Though the combination of the image, display name, and blue “verified” checkmark may be deceiving, it becomes obvious upon looking at the account handles that the tweets were not actually from the Tesla CEO. Instead, they were hacked accounts belonging to companies like Pantheon Books, the U.K. branch of the film-production company Pathé, and the U.K. family retailer Matalan. The Twitter account belonging to the re-election campaign for New Jersey Rep. Frank Pallone was also reportedly hacked to publicize the phony giveaway.
The hackers seem to have used other compromised accounts to comment on the fake Musk tweets in an attempt to give them credence. The accounts for Flex Watches, BevMo!, the Philippines’s National Disaster Risk Reduction and Management Council, and other verified entities left replies such as “+40 BTC, thank you! For me it is a lot of money!” and “+25 BTC, I LOVE YOU ELON!” Multiple Twitter users have also posted screenshots of what appears to be an account belonging to Michigan Rep. Brenda Lawrence commenting “I sent 2.7 BTC and got back 54 BTC!” on a phony tweet from Rep. Pallone’s account. It looks that those comments have been taken down.
(Lawrence’s communications representative did not respond to requests for comment and has not responded publicly.)
Elon Musk has become a popular target for Twitter impersonators looking to cash in on his influence in the tech world. A common tactic involves scammers disguising their accounts to look like Musk’s and then replying to his real tweets with phony cryptocurrency offers, which could trick people into thinking the tweets are all a part of the same thread. The scams became so prevalent that Twitter began locking accounts if users tried to change their display names to “Elon Musk.” The hackers in this case may have circumvented this locking mechanism by replacing the L in “Elon” with a similar-looking character.
Twitter did not respond to request for comment.