The Blue Check Hack: Who, How, and Why?

How could someone be clever enough to hack Twitter but stupid enough to make a scam so obvious that it only stole about $120,000?

There are a number of possible answers to this question, but let us begin by reviewing the facts. The hacker started by selling already in-use Twitter handles for hundreds or thousands of dollars. They then began the “send me Bitcoin and I will send back double” scam, first through crypto-related accounts like Binance, Coinbase, and Gemini, and soon after through celebrity and company accounts with large followings including (in chronological order) Elon Musk, Bill Gates, Apple, Kanye West, Jeff Bezos, Joe Biden, Warren Buffett, Barack Obama, Floyd Mayweather, and Kim Kardashian.

The hacker made the vast majority of their money through the last part of the scam, much less than that through the crypto-related accounts, and even less than that by selling the usernames in the beginning. It seems like the improvised work of an amateur, but if that was the case, why haven’t they been caught yet? If the hacker was no dummy, their scams seem odd when contrasted with their ability to hack Twitter. One possible explanation could be that the opportunity for the hack was spontaneous and the hacker had little or no time to plan the scam. Another could be that the hacker had reason to believe this scam would generate much more money than it did and that it simply failed to do so. Perhaps the perpetrator was a Twitter employee who did not need to hack anything at all to pull this off, but again, it seems to me that someone like that would have been caught already.

There is, however, another possible answer that does not solve the question posed in the beginning of this piece but rather leads to the asking of additional difficult-to-answer questions. What if the hacker’s goal was not to make money through the obvious scam? If that was the case, what could their ulterior motive have been? In considering this question, it is helpful to think about the impacts of the hack outside of the relatively low number of bitcoins that changed hands as a result of it.

First, this is not a good look for Twitter. This is not the first time Twitter has been hacked, and it is the worst. As of this writing, there has been no definitive message from the company to suggest that this issue has been fully resolved and that the hacker has lost any and all control. Until that announcement is made, I will consider this an ongoing incident. It seems possible, though probably unlikely, to me that there could be more damage to be done.

Second, this is a point for decentralization and a strike against centralization. In this incident, Twitter, a centralized system, was hacked to conduct an unpunishable crime using Bitcoin, a decentralized system. It demonstrates the vulnerability of centralized systems where unfathomable amounts of control lie in the hands of one company or even a single individual. It also highlights the uncensorable nature of a decentralized system where there is nothing that anyone can do to confiscate money that is transacted or to reverse any transactions that were at one time agreed upon. It is important to recognize that all of the money that people lost in the scam was money that they gave away by their decision, regardless of how soon they later came to regret it.

Third, this counterintuitively helps further legitimize the value of Bitcoin, even though it was used to facilitate a significant scam. It speaks volumes about the security of Bitcoin that someone went and hacked one of the largest social media platforms in the world in an effort to steal some. If Bitcoin was hackable, one would have expected a hacker who wanted some to go and steal it directly from people’s wallets. Considering the hacker could have made more money by stealing a few relatively small Bitcoin wallets, why would they go to such great lengths to hack the entirety of Twitter instead? It is only reasonable to conclude that Bitcoin must be significantly more difficult to hack. Separately, this sends a loud message that the most impressive hack in recent memory was executed in an effort to steal Bitcoin. In other words, the hacker had the opportunity to send a message through trusted celebrity profiles with hundreds of millions of followers around the world and what was the message that they chose to spread? “Please send Bitcoin.”

Since I still have many more questions than answers, I will end by sharing several of them. What if the hacker’s main objective was not to make money but to destroy people’s trust in Twitter? What if it was to send Twitter’s stock crashing down in the near-term and the company down with it in the long-term? What if it was only to demonstrate the dangers of centralized systems? Could this have been a noble act to prevent the possibility of more dangerous hacks by bad actors in the future? I am not saying that it was by any means, but could it have been? What if the hacker sent back all of the money they received from the scam? What if they actually sent it back doubled like they said they would? How would that affect the reputation of Bitcoin? How would that affect the price? Why haven’t the prices of Twitter or Bitcoin moved any more than on the average day as a result of this event? Doesn’t that seem a little odd? Did the hacker expect these prices to move one way or the other? Was that a part of their plan? Is the hacker not done yet? What else don’t we know about? How much could the hacker have made by searching and screenshotting a few celebrity DMs and blackmailing them with that information? Why did the hacker make this such a public event? What if they just hacked it to show that they could? What if the hacker was some Twitter employee’s teenage brother or sister or kid? What if they just hacked it for fun?

There are countless questions left unanswered and I do not know if any of them ever will be. The most likely scenario remains that The Blue Check Hack simply was what it seemed to be, an impressive hack that resulted in an unimpressive scam. Still, it is interesting to think of the possibility that something else may have happened here or that something may still be going on.