How an Elon Musk Impersonator Made Off with $180k in Bitcoins on Twitter

Twitter has always had a bit of an impersonation problem. In its early days there was little to prevent users from creating fake celebrity accounts and spreading misinformation. Since then Twitter has implemented the “verified user” blue tick you see next to people’s names. This tells the users they need don’t need to worry; every celebrity with the tick mark is the real deal, and any “celebrity account” without one is a fake, regardless of what they claim.


This doesn’t mean people can no longer make a Twitter account and impersonate famous people. It does, however, mean that users will trust tweets from verified users more. This sort of trust is exactly what hackers covet. Should a hacker gain access to a verified account, they can use this heightened trust to spread malicious links which users click without a second thought. This, in turn, means that verified accounts have to be locked down tight to prevent this abuse.

The Verified Users Security Problem

This problem was shown off tenfold when hackers managed to gain access to verified Twitter accounts owned by various businesses. They changed the profile picture and avatar to that of Elon Musk. Despite the hackers changing the name and avatar, the blue tick icon stayed, thus giving the impression it was Elon Musk talking. The account kept the company’s original Twitter handle (as you can see below, with the “@farahmenswear” handle), but at a quick glance, it did look like the account was Elon’s own.


Next, they made a tweet stating that Elon Musk was stepping down as director and was giving away 10,000 BitCoin as a result. If you wanted in on the deal, you had to send BitCoins to him to verify your address. Once he received your coins, he would then send you ten times what you gave him. The maximum amount you could donate was three BitCoins, currently worth around $19,000USD.

What made it worse was that the scammers could get these fake tweets promoted on Twitter. This means they appeared on people’s timelines regardless of if they followed the hacked accounts or not. If users didn’t notice the mismatching Twitter handle, it was easy for them to believe this was a real tweet made by Elon Musk. It’s believed the scammers made $180,000 in BitCoins from the scam before it got shut down.

How to Deal with Scam Tweets

As we’ve seen above, a “verified user” tickmark does not automatically mean everything they link is safe. A verified account can be hacked and used to publish malicious content. Likewise, a verified account can be hacked, changed to look like a selected target, and then used to spread bad links around Twitter. Even a legitimate verified user can be tricked by others into sharing a bad link!


When browsing the ‘Net, it’s always good to remember a key part of dodging scams: if it sounds too good to be true, it probably is. In this case Elon Musk retiring from his business and suddenly giving out sums of up to $60,000 to random Twitter users is probably not something you should buy into.

Also, if you see something fishy, be sure to check the Twitter handle. If it doesn’t match the user’s name, that’s a big warning sign that something’s amiss. In the case of the original account being hacked, however, you have to use common sense to dodge malicious attacks.

Verifying the Verified

The “verified user” check mark has helped prevent users from simply making an impostor account. At the same time, it has also led users to trust everything a verified user posts. This makes it ripe for hackers to take control of a verified account and use it as a platform to spread malware. But there are ways to take better care online.

Have you seen any Twitter impersonators in the wild? How successful were they in tricking people? Tell us your stories below.

Simon Batt Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.