{"id":12869,"date":"2021-03-19T14:00:13","date_gmt":"2021-03-19T08:30:13","guid":{"rendered":"https:\/\/zebpay.com\/?p=12869"},"modified":"2025-11-21T10:09:32","modified_gmt":"2025-11-21T10:09:32","slug":"looking-back-at-the-2020-twitter-hack","status":"publish","type":"post","link":"https:\/\/zebpay.com\/in\/blog\/looking-back-at-the-2020-twitter-hack","title":{"rendered":"Reflecting on the Twitter Hack"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_66_1 counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/zebpay.com\/in\/blog\/looking-back-at-the-2020-twitter-hack\/#How_did_such_a_young_team_break_through_the_defences_of_one_of_Silicon_Valleys_most_sophisticated_companies\" title=\"How did such a young team break through the defences of one of Silicon Valley\u2019s most sophisticated companies?\">How did such a young team break through the defences of one of Silicon Valley\u2019s most sophisticated companies?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/zebpay.com\/in\/blog\/looking-back-at-the-2020-twitter-hack\/#How_were_the_hackers_caught\" title=\"How were the hackers caught?\">How were the hackers caught?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/zebpay.com\/in\/blog\/looking-back-at-the-2020-twitter-hack\/#What_did_the_attack_mean_for_Bitcoin\" title=\"What did the attack mean for Bitcoin?\">What did the attack mean for Bitcoin?<\/a><\/li><\/ul><\/nav><\/div>\n\n<p><strong>On July 15, 2020 we witnessed the highest-profile Twitter hack since the platform\u2019s inception. The scheme reportedly collected ~3.69 BTC (worth approximately \u20b9 1 crore) before it was shut down. The group responsible has since been arrested and pled guilty to charges of fraud. But how were they caught? And what did this mean for crypto, especially in a country that was considering banning it entirely? We\u2019re reflecting on just that.<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"680\" height=\"463\" src=\"https:\/\/zebpay.com\/wp-content\/uploads\/2021\/03\/Screen-Shot-2020-07-15-at-5.01.00-PM.jpg\" alt=\"\" class=\"wp-image-12870\" style=\"width:370px;height:272px\" srcset=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/03\/Screen-Shot-2020-07-15-at-5.01.00-PM.jpg 680w, https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/03\/Screen-Shot-2020-07-15-at-5.01.00-PM-300x204.jpg 300w\" sizes=\"(max-width: 680px) 100vw, 680px\" \/><\/figure><\/div>\n\n\n<p>Surprisingly, the three individuals arrested &#8211; Mason Sheppard, aka \u201c<strong>Chaewon<\/strong>,\u201d, Nima Fazeli, aka \u201c<strong>Rolex<\/strong>,\u201d and Graham Ivan Clark aka \u201c<strong>Kirk<\/strong>\u201d &#8211; were all less than 23 years old at the time. Kirk, considered the mastermind behind the hack, was barely 18.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-how-did-such-a-young-team-break-through-the-defences-of-one-of-silicon-valley-s-most-sophisticated-companies\"><span class=\"ez-toc-section\" id=\"How_did_such_a_young_team_break_through_the_defences_of_one_of_Silicon_Valleys_most_sophisticated_companies\"><\/span>How did such a young team break through the defences of one of Silicon Valley\u2019s most sophisticated companies?<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The answer is simple. Twitter&#8217;s systems weren&#8217;t vulnerable, but the people who used them every day were.&nbsp;<\/p>\n\n\n\n<p>Instead of trying to hack the system itself, Kirk targeted a small number of Twitter employees with a phishing attack. Phishing attacks rely on human mistakes to divulge confidential information. Similarly, there have been ZebPay impersonators out there pretending to be us to conduct fraud. And there probably will be more. <a href=\"https:\/\/zebpay.com\/blog\/crypto-scams-and-how-to-avoid-them\/\" target=\"_blank\" rel=\"noreferrer noopener\">Only you can protect yourself from someone who is lying to you.&nbsp;<\/a><\/p>\n\n\n\n<p>The attack\u2019s success meant Kirk was able to access the internal Twitter network as well as credentials to use their support tools. Using this access, he was able to <a href=\"https:\/\/blog.twitter.com\/en_us\/topics\/company\/2020\/an-update-on-our-security-incident.html\" target=\"_blank\" rel=\"noreferrer noopener\">target 130 Twitter a<\/a><a href=\"https:\/\/blog.twitter.com\/en_us\/topics\/company\/2020\/an-update-on-our-security-incident.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">c<\/a><a href=\"https:\/\/blog.twitter.com\/en_us\/topics\/company\/2020\/an-update-on-our-security-incident.html\" target=\"_blank\" rel=\"noreferrer noopener\">counts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter data of seven users.&nbsp;<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-how-were-the-hackers-caught\"><span class=\"ez-toc-section\" id=\"How_were_the_hackers_caught\"><\/span>How were the hackers caught?<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Our partners at Chainalysis regularly work with law enforcement, most notably to fight terrorism financing campaigns by Al Qaeda. Using blockchain analysis, they were able to study a series of Bitcoin transfers between Kirk and Chaewon. Agents found that the Chaewon wallet transacted heavily with addresses associated with accounts at Binance and Coinbase &#8211; leading to the hacker\u2019s real-world identity.\u00a0<\/p>\n\n\n\n<p>It is important to note that without the transparency of the blockchain, none of this would have been possible. The hackers used many different profiles to communicate with each other, never publicly posting anything that would link back to their real lives. If the hackers had demanded cash, they would have likely made a clean getaway. We\u2019d still be wondering who they were.&nbsp;<\/p>\n\n\n\n<p>Instead, following the money on the blockchain provided the investigation several important leads.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-what-did-the-attack-mean-for-bitcoin\"><span class=\"ez-toc-section\" id=\"What_did_the_attack_mean_for_Bitcoin\"><\/span>What did the attack mean for Bitcoin?<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>I remember thinking the attack would feed the narrative that it was only used by criminals. That did happen to an extent, but <a href=\"https:\/\/zebpay.com\/in\/buy-bitcoin\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bitcoin<\/a> is resilient. It\u2019s a testament to its potential that it bounced back from the attack\u2019s PR nightmare stronger than ever. Just a few months later, it was making headlines of its one.&nbsp;<\/p>\n\n\n\n<p>You know, the ones saying <strong>\u201cBitcoin hits all-time high.\u201d<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-dots\"\/>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On July 15, 2020 we witnessed the highest-profile Twitter hack since the platform\u2019s inception. What did the attack mean for Bitcoin?<\/p>\n","protected":false},"author":1,"featured_media":12871,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_ayudawp_aiss_exclude":false,"footnotes":""},"categories":[14],"tags":[17,122,123,65],"acf":[],"_links":{"self":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/posts\/12869"}],"collection":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/comments?post=12869"}],"version-history":[{"count":2,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/posts\/12869\/revisions"}],"predecessor-version":[{"id":36668,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/posts\/12869\/revisions\/36668"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/media\/12871"}],"wp:attachment":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/media?parent=12869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/categories?post=12869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/tags?post=12869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}