Twitter Bitcoin Giveaway Scams: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/twitterbitcoingiveawayscams.php}} thumb|TwitterOn July 15th, 2020, the largest breach ever occurred on Twitter with over 130 accounts compromised, including 45 password resets, which were then used to launch giveaway scams. In total, $120,000 worth of bitcoin were taken in the attacks. While the funds were recovered by authorities, there is no information on whether an...")
 
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/twitterbitcoingiveawayscams.php}}
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/twitterbitcoingiveawayscams.php}}
{{Unattributed Sources}}


[[File:Twittertakeover.jpg|thumb|Twitter]]On July 15th, 2020, the largest breach ever occurred on Twitter with over 130 accounts compromised, including 45 password resets, which were then used to launch giveaway scams. In total, $120,000 worth of bitcoin were taken in the attacks. While the funds were recovered by authorities, there is no information on whether any of the funds were returned to victims, most of whom were located in China.
[[File:Twittertakeover.jpg|thumb|Twitter]]On July 15th, 2020, the largest breach ever occurred on Twitter with over 130 accounts compromised, including 45 password resets, which were then used to launch giveaway scams. In total, $120,000 worth of bitcoin were taken in the attacks. While the funds were recovered by authorities, there is no information on whether any of the funds were returned to victims, most of whom were located in China.


This is a global/international case not involving a specific country.
This is a global/international case not involving a specific country.<ref name="quora-7571" /><ref name="tampabay-7572" /><ref name="thehackernews-7573" /><ref name="thehackersnewstwitter-7574" /><ref name="btcdotcom-7575" /><ref name="thehackernews-7576" /><ref name="racheltobactwitter-7577" /><ref name="bbc-7578" /><ref name="jacktwitter-7579" /><ref name="twittersupporttwitter-7580" /><ref name="twitterblog-7581" /><ref name="camerontwitter-7582" /><ref name="bbc-7583" /><ref name="twittersupporttwitter-7584" /><ref name="wikipedia-7585" /><ref name="wikipedia-7586" /><ref name="nytimesarchive-7587" /><ref name="youtube-8472" /><ref name="amanusktwitter-8752" /><ref name="blockchair-8753" /><ref name="blockchair-8754" /><ref name="podcastsgoogle-10503" /><ref name="unnamed-11590" /><ref name="carnegieendowment-9983" />


== About Twitter ==
== About Twitter ==
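Review bot: The 24 ref tags added on the new side all hang off the single sentence "This is a global/international case not involving a specific country.", while the lead paragraph above it, which carries the checkable figures (over 130 accounts, 45 password resets, $120,000 worth of bitcoin), still has no citation. Move each reference next to the claim it supports, which is also what the newly added {{Unattributed Sources}} banner asks for. While doing so, check "including 45 password resets" against the Twitter statement quoted in the About section, which describes the 45 as accounts that were tweeted from.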
Line 89: Line 90:


Don't Include:
Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
* Anything that wasn't reasonably knowable at the time of the event.
Line 110: Line 110:
!Description
!Description
|-
|-
|July 15th, 2020 2:24:00 PM
|July 15th, 2020 2:24:00 PM MDT
|First Event
|Main Event
|This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|-
|
|
|
|-
|-
|
|
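Review bot: The description cell of the July 15th, 2020 row still holds the template instruction ("Expand this into a brief description of what happened and the impact...") on both sides of the change; only its wording was edited. Replace it with an actual summary of the event, and cite a source for the 2:24:00 PM MDT timestamp, since the rest of the page gives no time of day.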
Line 122: Line 118:
|
|
|}
|}
== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?


== Total Amount Lost ==
== Total Amount Lost ==
The total amount lost is unknown.
The total amount at risk has been estimated at $400,000 USD. The total amount lost has been estimated at $120,000 USD.


How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
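Review bot: In Total Amount Lost, the new "at risk" estimate of $400,000 USD is stated with no source or derivation. It appears to be the $120,000 received plus the "over US$280,000" that Coinbase is quoted as having stopped; say so in the text and cite it, and note that the quoted sources give the amount received variously as "about $117,000" and "nearly $120,000". The added Technical Details section contains only the template prompt; fill it from the phone spear-phishing account quoted in the About section or leave the heading out until there is content.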
Line 135: Line 134:


== Total Amount Recovered ==
== Total Amount Recovered ==
It is unknown how much was recovered.
The total amount recovered is unknown.


What funds were recovered? What funds were reimbursed for those affected users?
What funds were recovered? What funds were reimbursed for those affected users?
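Review bot: "The total amount recovered is unknown." conflicts with the lead paragraph, which says the funds were recovered by authorities, and with the quoted statement from Clark's defense attorney that he turned over all the cryptocurrency he had acquired. Rewording the sentence does not resolve that; state what is reported to have been surrendered and keep "unknown" only for whether victims were reimbursed.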
Line 141: Line 140:
== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
What parts of this case are still remaining to be concluded?
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}


== Prevention Policies ==
{{Prevention:Individuals:End}}


== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}
{{Prevention:Platforms:End}}
== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}
{{Prevention:Regulators:End}}


== References ==
== References ==
[https://www.quora.com/What-is-this-Bitcoin-scam-on-Twitter What is this Bitcoin scam on Twitter? - Quora] (Mar 20)
<references><ref name="quora-7571">[https://www.quora.com/What-is-this-Bitcoin-scam-on-Twitter What is this Bitcoin scam on Twitter? - Quora] (Mar 20, 2022)</ref>
 
<ref name="tampabay-7572">[https://www.tampabay.com/news/crime/2021/03/16/tampa-twitter-hacker-agrees-to-three-years-in-prison-in-plea-deal/ Tampa Twitter hacker agrees to three years in prison] (Mar 20, 2022)</ref>
 
<ref name="thehackernews-7573">[https://thehackernews.com/2021/03/18-year-old-hacker-gets-3-years-in.html 18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack] (Mar 20, 2022)</ref>
 
<ref name="thehackersnewstwitter-7574">[https://twitter.com/TheHackersNews/status/1283497653448265729 @TheHackersNews Twitter] (May 3, 2022)</ref>


[https://www.tampabay.com/news/crime/2021/03/16/tampa-twitter-hacker-agrees-to-three-years-in-prison-in-plea-deal/ Tampa Twitter hacker agrees to three years in prison] (Mar 20)
<ref name="btcdotcom-7575">[https://btc.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh Address bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh - Bitcoin(BTC) - BTC.com Professional Data Service for Global Blockchain Enthusiasts] (May 3, 2022)</ref>


[https://thehackernews.com/2021/03/18-year-old-hacker-gets-3-years-in.html 18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack] (Mar 20)
<ref name="thehackernews-7576">[https://thehackernews.com/2020/07/verified-twitter-hacked.html Several High-Profile Accounts Hacked in the Biggest Twitter Hack of All Time] (May 3, 2022)</ref>


[https://twitter.com/TheHackersNews/status/1283497653448265729 @TheHackersNews Twitter] (May 3)
<ref name="racheltobactwitter-7577">[https://twitter.com/RachelTobac/status/1283509795316658176 @RachelTobac Twitter] (May 3, 2022)</ref>


[https://btc.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh Address bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh - Bitcoin(BTC) - BTC.com Professional Data Service for Global Blockchain Enthusiasts] (May 3)
<ref name="bbc-7578">[https://www.bbc.com/news/technology-53425822 https://www.bbc.com/news/technology-53425822] (May 3, 2022)</ref>


[https://thehackernews.com/2020/07/verified-twitter-hacked.html Several High-Profile Accounts Hacked in the Biggest Twitter Hack of All Time] (May 3)
<ref name="jacktwitter-7579">[https://twitter.com/jack/status/1283571658339397632 @jack Twitter] (May 3, 2022)</ref>


[https://twitter.com/RachelTobac/status/1283509795316658176 @RachelTobac Twitter] (May 3)
<ref name="twittersupporttwitter-7580">[https://twitter.com/TwitterSupport/status/1283591844962750464 @TwitterSupport Twitter] (May 3, 2022)</ref>


[https://www.bbc.com/news/technology-53425822 https://www.bbc.com/news/technology-53425822] (May 3)
<ref name="twitterblog-7581">[https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident An update on our security incident] (May 3, 2022)</ref>


[https://twitter.com/jack/status/1283571658339397632 @jack Twitter] (May 3)
<ref name="camerontwitter-7582">[https://twitter.com/cameron/status/1283498778960568320 @cameron Twitter] (May 3, 2022)</ref>


[https://twitter.com/TwitterSupport/status/1283591844962750464 @TwitterSupport Twitter] (May 3)
<ref name="bbc-7583">[https://www.bbc.com/news/technology-53433894 https://www.bbc.com/news/technology-53433894] (May 3, 2022)</ref>


[https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident An update on our security incident] (May 3)
<ref name="twittersupporttwitter-7584">[https://twitter.com/TwitterSupport/status/1289000448091807744 @TwitterSupport Twitter] (May 3, 2022)</ref>


[https://twitter.com/cameron/status/1283498778960568320 @cameron Twitter] (May 3)
<ref name="wikipedia-7585">[https://en.wikipedia.org/wiki/2020_Twitter_account_hijacking 2020 Twitter account hijacking - Wikipedia] (May 3, 2022)</ref>


[https://www.bbc.com/news/technology-53433894 https://www.bbc.com/news/technology-53433894] (May 3)
<ref name="wikipedia-7586">[https://en.wikipedia.org/wiki/Talk:2020_Twitter_account_hijacking/Archive_1 Talk:2020 Twitter account hijacking/Archive 1 - Wikipedia] (May 3, 2022)</ref>


[https://twitter.com/TwitterSupport/status/1289000448091807744 @TwitterSupport Twitter] (May 3)
<ref name="nytimesarchive-7587">[https://web.archive.org/web/20200716223043/https://www.nytimes.com/2020/07/16/technology/twitter-hack-investigation.html https://web.archive.org/web/20200716223043/https://www.nytimes.com/2020/07/16/technology/twitter-hack-investigation.html] (May 3, 2022)</ref>


[https://en.wikipedia.org/wiki/2020_Twitter_account_hijacking 2020 Twitter account hijacking - Wikipedia] (May 3)
<ref name="youtube-8472">[https://youtu.be/1qsTgOpAIdw?t=1367 From Hacking $4.1 Million to Prison | The IRL Money Doubler - YouTube] (Jul 12, 2022)</ref>


[https://en.wikipedia.org/wiki/Talk:2020_Twitter_account_hijacking/Archive_1 Talk:2020 Twitter account hijacking/Archive 1 - Wikipedia] (May 3)
<ref name="amanusktwitter-8752">[https://twitter.com/amanusk_/status/1283506958822244353 @amanusk_ Twitter] (Jul 24, 2022)</ref>


[https://web.archive.org/web/20200716223043/https://www.nytimes.com/2020/07/16/technology/twitter-hack-investigation.html https://web.archive.org/web/20200716223043/https://www.nytimes.com/2020/07/16/technology/twitter-hack-investigation.html] (May 3)
<ref name="blockchair-8753">[https://blockchair.com/bitcoin/transaction/63015d329fc7b9fde1809291ca4b483112ea9abe05bbe47fa6b8677ee860f119 Bitcoin / Transaction / 63015d329fc7b9fde1809291ca4b483112ea9abe05bbe47fa6b8677ee860f119 — Blockchair] (Jul 24, 2022)</ref>


[https://youtu.be/1qsTgOpAIdw?t=1367 From Hacking $4.1 Million to Prison | The IRL Money Doubler - YouTube] (Jul 12)
<ref name="blockchair-8754">[https://blockchair.com/bitcoin/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh Bitcoin / Address / bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh — Blockchair] (Jul 24, 2022)</ref>


[https://twitter.com/amanusk_/status/1283506958822244353 @amanusk_ Twitter] (Jul 24)
<ref name="podcastsgoogle-10503">[https://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkcy5tZWdhcGhvbmUuZm0vZGFya25ldGRpYXJpZXM/episode/NGE3NTI1NzItNjFmZS0xMWVjLTk0NDItYWJiMDVhYTQwY2U0?ep=14 Darknet Diaries - 112: Dirty Coms] (Feb 5, 2023)</ref>


[https://blockchair.com/bitcoin/transaction/63015d329fc7b9fde1809291ca4b483112ea9abe05bbe47fa6b8677ee860f119 Bitcoin / Transaction / 63015d329fc7b9fde1809291ca4b483112ea9abe05bbe47fa6b8677ee860f119 — Blockchair] (Jul 24)
<ref name="unnamed-11590">[https://www.forbes.com/advisor/investing/cryptocurrency/bitcoin-scams-fraud/ Watch Out For These 4 Bitcoin Scams – Forbes Advisor] (Oct 17, 2022)</ref>


[https://blockchair.com/bitcoin/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh Bitcoin / Address / bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh — Blockchair] (Jul 24)
<ref name="carnegieendowment-9983">[https://carnegieendowment.org/specialprojects/protectingfinancialstability/timeline Timeline of Cyber Incidents Involving Financial Institutions - Carnegie Endowment for International Peace] (Dec 12, 2022)</ref></references>
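Review bot: In the converted reference list, the ref names and titles are inconsistent: the Forbes entry is named "unnamed-11590" while every other name is derived from the source site, and the two BBC entries and the archived New York Times entry use the bare URL as their link text. Give those entries descriptive titles and the Forbes entry a site-based name so the references can be placed and maintained individually.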

Latest revision as of 15:10, 10 May 2024

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

On July 15th, 2020, the largest breach ever occurred on Twitter with over 130 accounts compromised, including 45 password resets, which were then used to launch giveaway scams. In total, $120,000 worth of bitcoin were taken in the attacks. While the funds were recovered by authorities, there is no information on whether any of the funds were returned to victims, most of whom were located in China.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24]

About Twitter

"On July 15, 2020, Twitter suffered one of the biggest security lapses in its history." "What happened is that multiple Twitter accounts with large following, in and outside of the crypto community were compromised and used to send Tweets offering the opportunity for people to double their money. All they had to do was send $x of BTC to a specified BTC address and they would get back double."

"[A]ttackers managed to hijack nearly 130 high-profile Twitter accounts pertaining to politicians, celebrities, and musicians, including that of Barack Obama, Kanye West, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Uber, and Apple." "Very high profile individuals like Kanye West and Kim Kardashian, Warren Buffett, Jeff Bezos and more. Within the crypto community accounts like Coinbase and CoinDesk were tricked to sending messages. Coinbase even went a step further and blocked users from sending transactions to these addresses."

"Subsequent investigation into the incident revealed that Clark and the other attackers seized the accounts after stealing Twitter employees' credentials through a successful phone spear-phishing attack, subsequently using them to gain access to the company's internal network and account support tools, change user account settings, and take over control."

"The Florida Department of Law Enforcement found that he accessed Twitter’s systems by convincing an employee he worked in the company’s information technology department. He then managed to access the company’s customer service portal." "Clark used the phony tweets to direct people to send bitcoin to accounts he owned, prosecutors said."

"The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools."

"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe." "The New York Times further affirmed that the vector of the attack was related to most of the company remote working during the COVID-19 pandemic. The OGUsers members were able to gain access to the Twitter employees' Slack communications channel where information and authorization processes on accessing the company's servers while remote working had been pinned."

"Ars Technica obtained a more detailed report from a researcher who worked with FBI on the investigation. According to this report, attackers scraped LinkedIn in search for Twitter employees likely to have administrator privileges account-holder tools. Then attackers obtained these employees' cell phone numbers and other private contact information via paid tools LinkedIn makes available to job recruiters. After choosing victims for the next stage, attackers contacted Twitter employees, most who were remote working due to the COVID-19 pandemic, and, using the information from LinkedIn and other public sources, pretended to be Twitter personnel. Attackers directed victims to log into a fake internal Twitter VPN. To bypass two-factor authentication, attackers entered stolen credentials into the real Twitter VPN portal, and "within seconds of the employees entering their info into the fake one", asked victims for the two-factor authentication code."

"By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts - Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7," the company said on July 31.

"The broadly targeted hack posted similarly worded messages urging millions of followers of each profile to send money to a specific bitcoin wallet address in return for larger payback."

"Everyone is asking me to give back, and now is the time," a tweet from Mr Gates' account said. "You send $1,000, I send you back $2,000."

"The attack appears to have been initially directed against cryptocurrency-focused accounts, such as Bitcoin, Ripple, CoinDesk, Gemini, Coinbase and Binance, all of which were hacked with the same message:"

"We have partnered with CryptoForHealth and are giving back 5000 BTC to the community," followed by a link to a phishing website that has since been taken down.

"On the official account of Mr Musk, the Tesla and SpaceX chief appeared to offer to double any Bitcoin payment sent to the address of his digital wallet "for the next 30 minutes"."

"As of writing, the scammers behind the operation have amassed nearly $120,000 in bitcoins, suggesting that unsuspecting users have indeed fallen for the fraudulent scheme." "The scheme netted about $117,000 in bitcoin before it was shut down." "All in all, nearly 13 BTC ($120,000) was taken." "Of the funds added, most had originated from wallets with Chinese ownerships, but about 25% came from United States wallets." "At least one cryptocurrency exchange, Coinbase, blacklisted the bitcoin addresses to prevent money from being sent. Coinbase said they stopped over 1,000 transactions totaling over US$280,000 from being sent."

"We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly." "Although the tweets from the compromised accounts have been deleted, Twitter took the extraordinary step of temporarily stopping many verified accounts marked with blue ticks from tweeting altogether."

"Account hijacks on Twitter have happened before, but this is the first time it's happened at such an unprecedented scale on the social network, leading to speculations that hackers grabbed control of a Twitter employee's administrative access to "take over a prominent account and tweet on their behalf" without having to deal with their passwords or two-factor authentication codes."

"The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud," the FBI's San Francisco field office said in a statement. "We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident." "The US Senate Commerce committee has demanded Twitter brief it about the incident next week."

"It cannot be overstated how troubling this incident is, both in its effects and in the apparent failure of Twitter's internal controls to prevent it," Senator Roger Wicker wrote to the firm.

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," the company said in a series of tweets. "Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing."

"With so much power at their fingertips the attackers could have done a lot more damage with more sophisticated tweets that could have harmed an individual or organisation's reputation."

"But the motive seems to be clear - make as much money as quickly as they can. The hackers would have known that the tweets wouldn't stay up for long so this was the equivalent of a "smash and grab" operation."

"For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true." "There is a lot of speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts."

"We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed."

"Graham Ivan Clark, 17, of Tampa, was arrested on 30 charges. Authorities say he was the "mastermind" of a July 15 Twitter hack scheme which gave him and two others access to the high-profile accounts of Bill Gates, Barack Obama and many other celebrities with millions of followers." "Clark, a student at Gaither High School, was arrested days later at his home in the Northdale area of Hillsborough County."

"Specifically, 30 felony charges were filed against Clark, including one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information, and one count of access to computer or electronic device without authority."

"Prosecutors charged Clark in state court, they said, because state law allowed greater flexibility to try a minor as an adult in a financial fraud case."

"He took over the accounts of famous people, but the money he stole came from regular, hard-working people," Hillsborough State Attorney Andrew Warren said in a statement.

“Graham Clark needs to be held accountable for that crime, and other potential scammers out there need to see the consequences,” Hillsborough State Attorney Andrew Warren said in a statement. “In this case, we’ve been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future.”

"Provisions of the plea agreement require that Clark will be barred from using computers without permission and supervision from law enforcement. He will have to submit to searches of his property and give up the passwords to any accounts he controls."

"His defense attorney, David Weisbrod, confirmed that Clark had turned over all the cryptocurrency he had acquired."

"Additionally, the three individuals attempted to monetize this entrenched access by selling the hijacked accounts on OGUsers, a forum notorious for peddling access to social media and other online accounts."

"Two others, Nima Fazeli of Orlando and Mason Sheppard of the United Kingdom, were also charged with federal crimes related to the scheme."

"In light of the hacks, Twitter said it's making security improvements aimed at detecting and preventing inappropriate access to its internal systems, which were used by more than 1,000 employees and contractors as of early 2020."

"We’re always investing in increased security protocols, techniques and mechanisms – it’s how we work to stay ahead of threats as they evolve. Going forward, we’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams. We will continue to organize ongoing company-wide phishing exercises throughout the year."

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Twitter Bitcoin Giveaway Scams

Date | Event | Description
July 15th, 2020 2:24:00 PM MDT | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount at risk has been estimated at $400,000 USD. The total amount lost has been estimated at $120,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

The total amount recovered is unknown.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. What is this Bitcoin scam on Twitter? - Quora (Mar 20, 2022)
  2. Tampa Twitter hacker agrees to three years in prison (Mar 20, 2022)
  3. 18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack (Mar 20, 2022)
  4. @TheHackersNews Twitter (May 3, 2022)
  5. Address bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh - Bitcoin(BTC) - BTC.com Professional Data Service for Global Blockchain Enthusiasts (May 3, 2022)
  6. Several High-Profile Accounts Hacked in the Biggest Twitter Hack of All Time (May 3, 2022)
  7. @RachelTobac Twitter (May 3, 2022)
  8. https://www.bbc.com/news/technology-53425822 (May 3, 2022)
  9. @jack Twitter (May 3, 2022)
  10. @TwitterSupport Twitter (May 3, 2022)
  11. An update on our security incident (May 3, 2022)
  12. @cameron Twitter (May 3, 2022)
  13. https://www.bbc.com/news/technology-53433894 (May 3, 2022)
  14. @TwitterSupport Twitter (May 3, 2022)
  15. 2020 Twitter account hijacking - Wikipedia (May 3, 2022)
  16. Talk:2020 Twitter account hijacking/Archive 1 - Wikipedia (May 3, 2022)
  17. https://web.archive.org/web/20200716223043/https://www.nytimes.com/2020/07/16/technology/twitter-hack-investigation.html (May 3, 2022)
  18. From Hacking $4.1 Million to Prison | The IRL Money Doubler - YouTube (Jul 12, 2022)
  19. @amanusk_ Twitter (Jul 24, 2022)
  20. Bitcoin / Transaction / 63015d329fc7b9fde1809291ca4b483112ea9abe05bbe47fa6b8677ee860f119 — Blockchair (Jul 24, 2022)
  21. Bitcoin / Address / bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh — Blockchair (Jul 24, 2022)
  22. Darknet Diaries - 112: Dirty Coms (Feb 5, 2023)
  23. Watch Out For These 4 Bitcoin Scams – Forbes Advisor (Oct 17, 2022)
  24. Timeline of Cyber Incidents Involving Financial Institutions - Carnegie Endowment for International Peace (Dec 12, 2022)