The 2020’s Twitter Bitcoin Hack Deconstructed

Since July 2020, when the initial Twitter bitcoin hack made news, this cryptocurrency had left a train of media attention across the globe. When this breach occurred, companies involved in processing Bitcoin transactions had to act quickly, using crypto blockchain analytics and detection tools to visualize the cryptocurrency’s movement in advance and help their clients quickly respond to the risk. Through this, many businesses (especially crypto trading platforms and exchanges) were able to prevent any further money laundering through their platform.

Here, we summarize the history of the hack and recent flows of transactions so you can understand how real-time risk monitoring works. We describe the amount of bitcoin involved in each transaction, the amount to which the funds were weakened by other sources, and what wallets these coins ultimately ended up in.

Table of Contents

Key TakeawaysJuly 15 – The Initial BreachJuly 17 – Wasabi WalletJuly 23 – Complex Bitcoin DistributionJuly 27 – Funds Are SplitJuly 30 – More MixersSummary

Key Takeaways

In July of 2020, Twitter faced a severe Bitcoin hack and, as it relates to that, money laundering.Over a series of weeks, the funds were transferred in an attempt to hide the origin.Banks and organizations needed to learn to identify fraudulent or risky transactions relating to the hack as scammers continued their disguising activities.

July 15 – The Initial Breach

In this first break, hackers took control over 130 Twitter accounts, giving them (the hackers) the access and ability to make fraudulent posts on the site. These accounts included well-known corporations and individuals. Since then, Twitter has been able to confirm that this scheme was the result of a phone scam known as spear-phishing, which targets Twitter’s workers.

From here, the scheme continued. These hackers used a fraud technique known as a giveaway scam, ending with the total money stolen valuing upwards of $121,000 in bitcoin from over 400 victims.

Then, these stolen bitcoin funds were transferred out of 3 original addresses into various other cryptocurrency wallets. Nearly all of this illegal money was moved across 12 addresses and left to sit there. The small amount of bitcoin that was not placed in these 12 wallets was transferred to known accounts. This meant for law enforcement agencies that they could try to use this information to track down the masterminds behind the scheme by asking the account owners who received the funds.

Another interesting point to mention is that since May of 2021, one of the bitcoin wallets used in this process has been active and working with regulated cryptocurrency businesses. This gave law enforcement another lead, hoping to track down who is behind it.

July 17 – Wasabi Wallet

On July 17, it was discovered that 22% of the funds stolen from the bitcoin hack, worth 2.89 bitcoins, were sent to an address known as the Wasabi Wallet. This is a kind of bitcoin wallet that is used to hide trails of money, making it harder for law enforcement agencies to track the movement of the funds.

In order to track a bitcoin address, many people and tools have to be used behind the scene. This was done by a company working with heuristic models and engineering teams, which ended up drawing worldwide attention and being a big step towards tracking who was behind the scheme.

July 23 – Complex Bitcoin Distribution

There is not only one form of analysis or protocol that was able to put a stop to this Twitter bitcoin hack. By this point, just over a week later, analysts reported that the majority of the funds had already been cashed out or exchanged. This situation is common to cryptocurrency money laundering in that the launderers tend to remove the money through cash assets while analysts are attempting to follow their virtual steps.

At this point, it was unknown if the funds are even still in possession of the original hacker. The launderers may have sold their crypto assets to an anonymous source. By looking over charts, it was at least possible to determine what tricks hackers use to avoid being in the spotlight.

For example, the money from the Twitter hack as the source of funds was oftentimes split off into many wallets and then later reconsolidated into another single address location. This indicates that all these minor transactions were made with the end goal in mind.

July 27 – Funds Are Split

On July 27, the bitcoin funds were again split from one account to many much smaller ones. From here, they are passed through mixers and unregulated exchanges to conceal the identity and make the path of movement more complex.

July 30 – More Mixers

By now, it is clear to analysts that most of the funds from this hack have been transferred to cash or spent in some way. The reason these kinds of schemes are so difficult to track comes down to the ability of institutions to flag risky cryptocurrency transactions. By depositing small amounts of money throughout several transactions, it is unlikely any financial institution will mark the account as suspicious or even file a suspicious activity report.

In addition, the scammers were moving the money through mixers. These platforms obscure the trail of the money, preventing authorities from seeing how it was deposited or where it was taken out. This also means that the funds are not even related to the Twitter bitcoin hack anymore, let alone an identified customer.


Tracking bitcoin transactions is not easy. However, businesses are exchanges are not helpless, and there are ways that corporations can recognize customer identities and trace the paths of virtual funds. These kinds of activities should be used to raise awareness and increase due diligence processes in the future.

Related Posts