Cover Image for Twitter Hack — Track Bitcoin crimes in real-time using Coinpath®

Twitter Hack — Track Bitcoin crimes in real-time using Coinpath®


On 16 July 2020, Twitter’s internal tool was hacked, and hackers tweeted giveaway tweets with Bitcoin addresses from influential peoples and top companies’ profiles.

Hackers targeted profiles of prominent peoples like Barak Obama, Jeff Bezos, Warren Buffet, Elon Musk, and companies like Apple, Uber, and Binance. Other than these top profiles, hackers tweeted similar tweets from thousands of Twitter profiles.

Bezos twitter account hacked

To contain the situation, Twitter temporarily removed the ‘blue-tick’ from all the profiles and deleted the spam tweets.

However, by that time, many people saw those tweets and immediately transferred Bitcoins to hackers’ bitcoin addresses.

In the next few hours, Hackers’ Bitcoin addresses received 20.553 BTC in more than 600 transactions.

Twitter hacker's Bitcoin and ripple addresses

Analyzing Transactions

We analyzed the transactions to trace hacker’s funds.

Around 567 peoples fallen victim to this Twitter hack, and 24 people sent more than one transaction to hackers. For instance, top addresses sent a total of 26 transactions to hackers.

Top addresses which sent most transactions to hackers

Besides, 4 people sent more than 1 BTC to the hacker. The top 4 addresses sent 10.03 BTCs to the hacker.

The highest amount transaction of 4.49BTC came from a Japanese exchange account.

Top bitcoin addresses who sent most bitcoins to hackers

We also saw people sending BTC from their exchange account. For example, check out the following transaction in which someone sent a transaction from their Binance exchange account. In these cases, Exchanges can censor addresses to protect people’s money.

Transaction Graph from Bitquey

Transaction Graph from Bitquey

Hackers started laundering bitcoins

Within an hour of the hack, hackers started moving funds to other bitcoin wallets. This process is called layering, in which criminals use intermediate wallets to distribute the assets, making fund tracing difficult.

Hacker moving fund to other wallets

Hacker moving fund to other wallets

As per our analysis, hackers also send a transaction to the Binance cold wallet. You can check the complete path from the hacker’s address to the Binance address using Coinpath’s APIs.

In the last 36 hours, hackers moved funds quickly and transferred the funds to hundreds of Bitcoin addresses. Using Coinpath® APIs, we tracked all activities related to hackers in real-time, and you can also do so.

We have also created a public excel sheet for the Twitter hack where you can analyze these transactions.

You can also conduct a visual investigation using the Bitquery explorer widget.

Coinpath® APIs to solve Bitcoin crimes

Next, Hackers will attempt to send these bitcoins to crypto services to convert the funds into fiat or exchange them in other cryptocurrencies. With our blockchain money flow technology, you can trace these funds in real-time and investigate crypto crimes. To learn more about our money flow technology, read the introduction to Coinpath®.

Looking for end to end Crypto investigation tool? Explore Coinpath Moneyflow, built for investors and law enforcement agencies. Check it out here!

About Coinpath®

Coinpath® APIs provide blockchain money flow analysis for more than 24 blockchains. With Coinpath’s APIs, you can monitor blockchain transactions, investigate crypto crimes such as bitcoin money laundering, and create crypto forensics tools.

If you have any questions about Coinpath®, ask them on our Telegram channel or email us at Also, subscribe to our newsletter below, we will keep you updated with the latest in the cryptocurrency world.

Coinpath® is a Bitquery product. Bitquery is a set of tools that parse, index, access, search, and use information across blockchain networks in a unified way.

Also Read:

Subscribe to our newsletter

Subscribe and never miss any updates related to our APIs, new developments & latest news etc. Our newsletter is sent once a week on Monday.