undefined | Better HN

0 pointse795y ago0 comments

A lot of people are asking “why a bitcoin scam?”

From what we know right now, targeted accounts had their emails and 2FA reset via an admin tool. These attacks were noisy, so the window of opportunity for the attacker was small. The attack was launched after hours, likely to limit the chance that the compromised Twitter employee would be around. So market manipulation wasn’t really a great option.

This was basically a “smash and grab” style attack, which makes sense given the noisy nature of the access. I wouldn’t be surprised if Twitter’s admin tool purposely doesn’t allow employees to silently access accounts.

0 comments

hacker_newz5y ago

After hours for who?

ryanisnan5y ago

Yeah, that's just wrong. It was mid-day PDT, right around Twitter's core hours, and many of the targets are also west coasters.

e79OP5y ago

Yep you’re right. My bad. Hmmm... I still think my point makes sense. The “smash and grab” style attack fits given how noisy it was. People were wondering why they didn’t do something far more insidious like covertly gather everybody’s DMs and such. That’s not really feasible when you know your attack is going to get noticed fairly quickly.

1 more reply

j / k navigate · click thread line to collapse