The Twitter Bitcoin Scam (2020): A Real-World Social Engineering Case Study

It’s one of the most famous real-world cyber attacks in recent memory. On 15 July 2020, verified Twitter accounts belonging to Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West and dozens of other high-profile people and companies were suddenly tweeting the same shocking message:

“I am giving back to the community. All Bitcoin sent to the address below will be doubled!”

Sounds laughably obvious, right? Yet in just a few hours, this Twitter Bitcoin scam stole over $121,000 in Bitcoin.

But the money wasn’t the true loss. The real damage was to trust: proof that even one of the world’s biggest platforms, with a large security budget and MFA already in place, could be taken over through a phone call to its own staff, a simple voice phishing attack (vishing).

How the Twitter Bitcoin Hack Happened: Step-by-Step Breakdown

  1. Reconnaissance (Employee Targeting): Attackers identified Twitter employees and contractors likely to have access to sensitive internal tools by scouring LinkedIn and other public sources.
  2. The Vish (Phone Phishing): Pretending to be Twitter IT staff, they called employees and convinced them they were fixing urgent internal issues, such as VPN problems that were common after the shift to remote work.
  3. Credential Harvesting: Employees were directed to a fake login page that imitated Twitter’s VPN portal. It captured usernames and passwords, and because the attackers used them on the real portal at the same moment, the one-time MFA codes the employees typed in were relayed along with them.
  4. Admin Panel Takeover: With the stolen sessions, attackers reached Twitter’s internal account-support tool, a dashboard that can change the email address registered to any account and switch off its two-factor authentication.
  5. Cashout Scam: The hackers changed the recovery email and disabled 2FA on target accounts, reset their passwords to lock out the real owners, and launched the Bitcoin scheme. By Twitter’s own count, 130 accounts were targeted, 45 were tweeted from, the DM inboxes of 36 were accessed, and the account data of 7 was downloaded.

For a full breakdown of phishing vs. vishing techniques, check our Cybersecurity Basics: Common Risks Guide.

The 3 Security Failures Twitter Missed

1. Human Risk Awareness Was Weak

Employees fell for a basic vishing call and logged in through a link the caller supplied.
Fix: Run ongoing phishing and vishing simulations, and teach staff that any unsolicited "IT support" call is verified by hanging up and calling back on the published helpdesk number, never a number or link the caller provides.

2. Privileged Access Management Was Poor

Too many people had access to a single point of failure: the admin panel. Press reports after the incident put the number of employees and contractors with access to the account tool at more than a thousand.
Fix: Enforce zero-trust principles and least privilege (grant tool access just-in-time, and require a second approver for changes to high-profile accounts), and protect every privileged login with phishing-resistant MFA such as FIDO2/WebAuthn keys, whose assertions are bound to the genuine site and cannot be relayed from a look-alike page.

3. Real-Time Monitoring Was Ineffective

Attackers reset control of dozens of VIP accounts from a single operator session, and the activity was noticed only once the scam tweets were public; Twitter then had to block all verified accounts from tweeting while it contained the damage.
Fix: Monitor the privileged tool itself, not just the public accounts. User and Entity Behavior Analytics (UEBA) should flag one operator changing emails or disabling 2FA on many accounts in minutes, or touching any protected account, and automatically suspend that operator’s session pending review.
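The rule that should have fired on 15 July 2020, as an added example (not Twitter’s tooling): a detector run over constructed audit events from a hypothetical internal account tool. It assumes one JSON event per sensitive action with the fields shown, which is an assumption about the log schema, and flags an operator who touches a protected account or resets control of too many distinct accounts inside a sliding window.

```python
"""Velocity and crown-jewel detection over privileged-tool audit events.

Added example, not Twitter's code. The event schema (ts, operator, action, target)
and the protected-account list are constructed for illustration.
"""
import json
from collections import defaultdict, deque
from datetime import datetime

SENSITIVE = {"email_change", "mfa_disable", "password_reset"}
WINDOW_S = 10 * 60       # 10-minute sliding window per operator
MAX_DISTINCT = 3         # more than this many distinct targets in the window -> alert
PROTECTED = {"@obama", "@elonmusk", "@billgates"}   # constructed crown-jewel list

# Constructed sample: a normal support operator (alice), then a compromised session (bob).
SAMPLE_LOG = """\
{"ts":"2020-07-15T19:40:02Z","operator":"alice","action":"email_change","target":"@user123"}
{"ts":"2020-07-15T20:01:10Z","operator":"alice","action":"password_reset","target":"@user456"}
{"ts":"2020-07-15T20:12:01Z","operator":"bob","action":"email_change","target":"@cryptoexch"}
{"ts":"2020-07-15T20:12:20Z","operator":"bob","action":"mfa_disable","target":"@cryptoexch"}
{"ts":"2020-07-15T20:14:05Z","operator":"bob","action":"email_change","target":"@obama"}
{"ts":"2020-07-15T20:14:31Z","operator":"bob","action":"mfa_disable","target":"@obama"}
{"ts":"2020-07-15T20:15:44Z","operator":"bob","action":"email_change","target":"@elonmusk"}
{"ts":"2020-07-15T20:16:09Z","operator":"bob","action":"email_change","target":"@billgates"}
{"ts":"2020-07-15T20:17:50Z","operator":"bob","action":"password_reset","target":"@apple"}
"""


def parse(line: str) -> dict:
    ev = json.loads(line)
    ev["t"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00")).timestamp()
    return ev


def detect(log_text: str, window_s: int = WINDOW_S, max_distinct: int = MAX_DISTINCT,
           protected: set = PROTECTED):
    """Return (alerts, operators_to_lock). Events are expected in time order.

    alerts: list of (ts, operator, rule, detail)
    operators_to_lock: operators whose tool session should be suspended automatically
    """
    recent = defaultdict(deque)   # operator -> deque of (t, target) inside the window
    alerts, lock = [], set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["action"] not in SENSITIVE:
            continue
        op, t, target = ev["operator"], ev["t"], ev["target"]
        q = recent[op]
        q.append((t, target))
        while q and t - q[0][0] > window_s:      # drop events older than the window
            q.popleft()
        # Rule 1: any sensitive change to a protected account is never routine.
        if target in protected:
            alerts.append((ev["ts"], op, "protected_account", target))
            lock.add(op)
        # Rule 2: one operator resetting control of many distinct accounts in minutes.
        distinct = {x for _, x in q}
        if len(distinct) > max_distinct:
            alerts.append((ev["ts"], op, "velocity", len(distinct)))
            lock.add(op)
    return alerts, lock


if __name__ == "__main__":
    found, to_lock = detect(SAMPLE_LOG)
    for a in found:
        print(a)
    print("suspend sessions for:", sorted(to_lock))   # ['bob']
```

Note the axis the lockout acts on: the operator session inside the tool, which is where the attacker actually was, rather than the public accounts, which is what Twitter had to freeze after the fact.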

Key Takeaways From the Twitter Bitcoin Scam

  • People are the weakest link in cybersecurity. Firewalls don’t help when an employee types credentials and a one-time code into a page a caller sent them.
  • Phishing-resistant MFA is non-negotiable. Twitter did have MFA, but one-time codes can be captured and relayed in real time; a FIDO2/WebAuthn credential bound to the genuine origin would have left the attackers with nothing usable.
  • Privileged accounts are crown jewels. Treat them with extreme security measures, not like normal logins.
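Why the fix in failure 2 and the MFA takeaway above hinge on the word "phishing-resistant", shown as an added example (not Twitter’s code): a captured one-time code is accepted by the real server seconds later, while a WebAuthn-style assertion produced on the look-alike page fails server-side verification because the origin is part of what was signed. The origins, relying-party id and keys are assumed, and an HMAC with a per-credential secret stands in for the authenticator’s asymmetric signature so the block runs on the standard library.

```python
"""Relayed one-time codes vs. origin-bound assertions.

Added example, not Twitter's code. REAL_ORIGIN, PHISH_ORIGIN, RP_ID and the keys are
constructed; the HMAC "signature" stands in for a real authenticator's signature.
"""
import base64
import hashlib
import hmac
import json
import struct

REAL_ORIGIN = "https://vpn.example.com"           # assumed genuine login page
PHISH_ORIGIN = "https://vpn-example-login.help"   # assumed look-alike page
RP_ID = "example.com"                             # assumed relying-party id


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# ---- TOTP, RFC 6238 (HMAC-SHA1, 30 s step) ---------------------------------
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp_accepts(secret: bytes, code: str, now: int, step: int = 30) -> bool:
    # Typical servers tolerate one step of clock drift either side.
    return any(hmac.compare_digest(totp(secret, now + d * step), code) for d in (-1, 0, 1))


def totp_relay(now: int = 1_600_000_000) -> bool:
    """Victim types the code into the phishing page; attacker replays it 5 s later."""
    seed = b"employee-totp-seed"                    # constructed shared secret
    captured = totp(seed, now)
    return totp_accepts(seed, captured, now + 5)    # nothing ties the code to a site


# ---- WebAuthn-style assertion ----------------------------------------------
def make_assertion(cred_key: bytes, challenge: bytes, origin: str) -> dict:
    # The browser, not the page, writes the origin into clientDataJSON.
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin},
        separators=(",", ":")).encode()
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x01"   # rpIdHash || flags
    to_sign = auth_data + hashlib.sha256(client_data).digest()
    return {"client_data": client_data, "auth_data": auth_data,
            "signature": hmac.new(cred_key, to_sign, hashlib.sha256).digest()}


def rp_verify(cred_key: bytes, challenge: bytes, assertion: dict) -> bool:
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get" or cd.get("origin") != REAL_ORIGIN:
        return False                                 # answered on the wrong site
    if cd.get("challenge") != b64url(challenge):
        return False                                 # replay of an old challenge
    if assertion["auth_data"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    to_sign = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
    expected = hmac.new(cred_key, to_sign, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])


CRED_KEY = b"employee-security-key"                  # constructed per-credential secret
CHALLENGE = hashlib.sha256(b"server-nonce").digest()


def webauthn_legit() -> bool:
    return rp_verify(CRED_KEY, CHALLENGE, make_assertion(CRED_KEY, CHALLENGE, REAL_ORIGIN))


def webauthn_relay() -> bool:
    """Attacker proxies the real challenge to the phishing page and forwards the answer.
    A real browser would refuse to produce it at all, because PHISH_ORIGIN is not under
    RP_ID; the server-side origin check here is the backstop."""
    return rp_verify(CRED_KEY, CHALLENGE, make_assertion(CRED_KEY, CHALLENGE, PHISH_ORIGIN))


def webauthn_relay_tampered() -> bool:
    """Attacker rewrites the origin field to the real one before forwarding."""
    a = make_assertion(CRED_KEY, CHALLENGE, PHISH_ORIGIN)
    a["client_data"] = a["client_data"].replace(PHISH_ORIGIN.encode(), REAL_ORIGIN.encode())
    return rp_verify(CRED_KEY, CHALLENGE, a)         # signed hash no longer matches


if __name__ == "__main__":
    print("TOTP relayed to real site accepted:", totp_relay())                   # True
    print("WebAuthn legitimate login:", webauthn_legit())                         # True
    print("WebAuthn relayed from phishing origin:", webauthn_relay())             # False
    print("WebAuthn relayed with origin rewritten:", webauthn_relay_tampered())   # False
```

The asymmetry is the whole point: the TOTP server has no way to learn which page the code was typed into, whereas the relying party rejects the assertion twice over, once because the browser-recorded origin is wrong and again because any edit to that field breaks the signature.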

Why This Case Still Matters in 2025

Even years later, the Twitter Bitcoin hack is cited in cybersecurity awareness training worldwide. It’s a perfect example of how social engineering attacks bypass technology by exploiting human trust.

If Twitter can be breached, so can your business. The question is: are you prepared?
