July 15 Twitter hack: Bitcoin research reveals 3 reasons why it's unprecedented
As of 8 p.m. Eastern Wednesday, the wallet had received the equivalent of over $118,000 in donations.
On Wednesday afternoon, an important day for Twitter, the accounts of high-profile individuals — from Barack Obama to Elon Musk — erupted in a strange chorus.
With the top line, "I'm giving back to my community," the accounts seemed to advertise donation matching, but only if the cash was sent via the decentralized cryptocurrency currency that's perfect for scamming by its very design.
Bitcoin is a perfect fit for online scams, as a 2017 paper concludes, because it can offer truly anonymous transactions that are irreversible. That means you only need to get someone hooked once, and years of research has revealed how the best get it done.
Marie Vasek is a lecturer in computer science at University College London who studies bitcoin scams. Between 2011 and 2014, Vasek studied 41 bitcoin scams and found that $11 million dollars worth of bitcoin had been exchanged as a result of those scams.
Vasek's research reveals 3 ways that scammers usually get it done, and how this breaking scam is truly unique. As of writing, the wallet has received the equivalent of over $118,000 in donations.
1. Historically successful bitcoin scams target a few people and go for big donations
The research – In her 2015, paper Vasek notes that the most successful bitcoin scams often go after a few "big fish" or larger donations, rather than targeting many smaller donations. Here's how she puts it in the paper:
"We can see that the least successful scams tend to be the most equal, whereas the most successful scams are more unequal. Hence, for a scam to be successful, it appears that it must catch the few “big fish” who will pay the bulk of the money into the scam."
How it applies to this scam– By targeting high-profile Twitter accounts, this scam appears to have gone for breath rather than a few "big fish" donations. Collectively, the accounts hacked had at least 139.4 million followers, as Coindesk reported. So far, there have been 355 transactions as of writing.
2. The best scams leverage reputation
The research – Vasek's 2018 research is based on bitcoin scams that originate in forms. There, the newer the account, the more warning signs get sent off. Scams that originate from accounts created the same day typically die within four days of existing. When scammers wait just one day before posting, that life can be extended up to 26 days.
In the paper, the authors mention that this has to do with building reputation. On the internet, that's sometimes called a reputation mechanism (that's like looking at how many followers someone has to judge their legitimacy or how many reviews they've written before you decide to trust their judgment). As these authors write: "We demonstrate that having a reputation on the Bitcoin forum matters."
How it applies to this scam – Here the scammers are using the same principle, but going outside the world of bitcoin forums. Gaining access to celebrity accounts that range from the news outlet Coindesk to Kanye can confer them that reputation mechanism for just long enough to get one person to hit send.
3. The more shilling, the more successful the scam
The research – That 2018 paper also dives into how scammers need to engage with their intended victims to get them to bite. Specifically, she honed in on 344 threads where scams were advertised using only one post (not unlike the scam currently happening). Of those posts, only 50 percent lasted longer than one day.
The more the scammer shilled, the more that tended to elongate the scam's lifespan. While the average scam lasted about a week, scammers who repeatedly posted were able to extend the life up to three weeks.
"Scammers interacting with their victims seem to prop up their scam, at least in the short term," the authors write.
How it applies to this scam – These scammers had little opportunity to work the room. Immediately upon posting, high profile accounts like that of Joe Biden were "locked down" right away, a campaign aide told CNN. That said, on some accounts like Musks and Obamas the scammers were able to slip in a second post before being pushed out. "Just sent out $40,000" reads a tweet that went out from the former President's account at 5:35 p.m.
Even that may have increased their chances of success, even if they were clearly never going for longevity.
Go deeper:
- July 15 is an important day for Twitter. Maybe it's why hackers chose it.
- A complete list of every verified account that was hacked.
- How the July 15 Twitter hack unfolded in real-time.
- How secure is Twitter, anyway? Its history is spotty.
- Bitcoin is perfect for scams, which is why the hackers probably chose it.
From our friends at INPUT: