Some verified Twitter accounts are not able to post tweets right now. The company says it is working to investigate and fix a major vulnerability that saw celebrities including Jeff Bezos, Warren Buffett, Bill Gates, Elon Musk, Kanye West, and MrBeast of YouTube fame post bogus offers to give back double whatever Bitcoin deposit their followers put in.

The scam tweets started appearing around 1 p.m. PDT this afternoon. The messages are generally formatted to include a greeting or a gesture of generosity (some of them mention a partnership with CryptoForHealth, a website that looks to have been purpose-made for the operation and has since gone offline, but is available from the Internet Archive), then the offer to double any given Bitcoin deposit, followed by a BTC address — most of them contained the same one before a few other addresses were mixed in.
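The message structure described above (a generosity opener, an offer to double a Bitcoin deposit, then a BTC address, with the same address repeated across many accounts) is a good basis for a defensive detector. The following Python is an added example written for this page, not code from the article, Twitter, or any vendor: it scores each tweet on the three elements, validates legacy addresses with a Base58Check checksum so that look-alike strings are discarded, and flags any address posted by several distinct accounts, which is the campaign-level signal the article describes. The sample tweets are constructed; the address in them is the well-known Bitcoin genesis-block address, chosen only because it is checksum-valid, and it has no connection to this incident.

```python
import re
from hashlib import sha256

# Constructed sample tweets (author, text); not real posts from the incident.
SAMPLE_TWEETS = [
    ("account_a", "I am giving back to my community. All Bitcoin sent to the address below "
                  "will be sent back doubled! 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa Only for 30 minutes."),
    ("account_b", "Feeling grateful, so I am doubling all BTC payments sent to "
                  "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa for the next hour!"),
    ("account_c", "Our new product launches tomorrow. Stay tuned."),
    ("account_d", "Bitcoin closed the day up 3%; analysts expect trading volume to double."),
]

# The three structural elements of the scam message described in the article.
GENEROSITY_RE = re.compile(
    r"\b(?:giv(?:e|ing)\s+back|giveaway|generous|grateful|partnership)\b", re.I)
DOUBLING_RE = re.compile(
    r"\bdoubl(?:e|ed|ing)\b.*\b(?:bitcoin|btc)\b|\b(?:bitcoin|btc)\b.*\bdoubl(?:e|ed|ing)\b",
    re.I | re.S)
# Legacy (Base58, starts with 1 or 3) or bech32 (bc1...) Bitcoin address shapes.
ADDRESS_RE = re.compile(
    r"\b(?:bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_ok(addr: str) -> bool:
    """True if a legacy address carries a valid Base58Check checksum.

    Filters out look-alike strings that merely match the address regex.
    Decoded form: 1 version byte + 20-byte hash + 4 checksum bytes = 25 bytes.
    """
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    try:
        raw = n.to_bytes(25, "big")   # restores leading zero bytes encoded as leading '1's
    except OverflowError:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return sha256(sha256(payload).digest()).digest()[:4] == checksum


def extract_addresses(text: str) -> list:
    """Plausible addresses in the text: bech32 accepted by shape only (no bech32
    checksum implemented here), legacy addresses only if Base58Check validates."""
    return [a for a in ADDRESS_RE.findall(text)
            if a.startswith("bc1") or base58check_ok(a)]


def score_tweet(text: str) -> tuple:
    """Count how many of the three scam elements a tweet contains, with reasons."""
    reasons = []
    if GENEROSITY_RE.search(text):
        reasons.append("generosity opener")
    if DOUBLING_RE.search(text):
        reasons.append("doubling offer")
    if extract_addresses(text):
        reasons.append("bitcoin address")
    return len(reasons), reasons


def shared_addresses(tweets, min_accounts: int = 2) -> dict:
    """Map address -> sorted authors for addresses posted by several distinct accounts.
    One address surfacing across unrelated accounts is the campaign-level signal."""
    seen = {}
    for author, text in tweets:
        for addr in extract_addresses(text):
            seen.setdefault(addr, set()).add(author)
    return {a: sorted(u) for a, u in seen.items() if len(u) >= min_accounts}


if __name__ == "__main__":
    for author, text in SAMPLE_TWEETS:
        score, reasons = score_tweet(text)
        print(f"{author}: score={score} {reasons}")
    print("addresses shared across accounts:", shared_addresses(SAMPLE_TWEETS))
```

A score of 3 on a single tweet is a strong per-message signal; the fourth sample shows why the doubling phrase alone (score 1) is not enough, since ordinary market commentary mentions Bitcoin and doubling. The `shared_addresses` check is the one worth alerting on first: an address that appears from two or more unrelated high-profile accounts within minutes matches the pattern the article reports, regardless of how each individual tweet is worded.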

Reporters have logged 17 affected targets, which include brands such as Apple and Cash App, politicians Barack Obama and Joe Biden, and cryptocurrency accounts Bitcoin and Coinbase. Most of the tweets have since been swept off the site.

The primary Bitcoin address involved in the debacle, which also appears to have been set up today, has logged over 350 transactions with a net gain of over $118,000 as of press time.

Twitter Support acknowledged the issue at 2:45 p.m. before implementing a widespread lockdown on tweets (but not retweets) and password resets for verified accounts sometime after 3 p.m. Accounts have since started to regain those capabilities. A Twitter spokesperson told TechCrunch that it is "looking into" the problem.

Initial findings

Twitter has released initial findings in its investigation into the breach. The company has confirmed what many within security research circles have been speculating: malicious actors were able to take advantage of Twitter employees with access to internal management tools that allowed them to post those tweets.

The company said it has deleted all posts made by the attackers and is working to authenticate owners of compromised accounts so that they can get access back. Twitter has also reduced access to those internal tools for high-level staff within its command structure. More information is to come.

The numbers

The company reported on Saturday in its blog that 130 accounts that it knows of were affected by the attacks — 45 of them were accessed through a password reset. Some were verified, others were not. Eight non-verified accounts had their account data downloaded via the Your Twitter Data tool.

There may have been attempts to sell some of the compromised usernames. Forensic analysis of the data trail continues.

Reuters reports from its sources that the FBI is looking into the incident.