Overview

On July 15, 2020, a coordinated takeover of many prominent Twitter accounts resulted in fraudulent posts promoting a bitcoin giveaway. The messages asked followers to send cryptocurrency to a specified address with a promise of doubled returns. The incident began around 20:00 UTC and quickly drew attention because of the stature of the affected accounts and how fast the posts spread.

How the attack worked

Investigators concluded the compromise used social engineering to gain access to Twitter’s internal tools rather than a simple password breach. Attackers persuaded or deceived employees into granting control of account-management systems, then used those tools to reset account settings and tweet from verified profiles. The scam tweets all carried similar wording and the same instructions to send bitcoin to a wallet controlled by the perpetrators.

Scale and targets

Numerous well-known and verified accounts were exploited, amplifying the fraud within minutes. They included accounts belonging to politicians, business leaders and celebrities, as well as corporate profiles. The visibility of these accounts made the scam unusually effective and highlighted the risks of centralized account controls.

Immediate consequences

  • Many compromised accounts were temporarily locked or had posting disabled while Twitter worked to regain control.
  • Victims who sent funds to the advertised bitcoin address lost money; investigators reported the wallet received a modest amount of bitcoin before law enforcement intervened.
  • Twitter limited internal tool access and implemented policy and technical changes to prevent similar intrusions.

Aftermath and significance

Authorities arrested and charged several individuals in connection with the attack. The event sparked debate about platform security practices, insider threats, and the intersection of social media and cryptocurrency fraud. It also prompted many technology companies to review employee access controls, authentication methods, and incident response procedures to reduce the risk of future large-scale account takeovers.