The damage was done before Twitter officials initiated a response to stop the hackers, who also managed to get into the accounts of several high-profile users.
According to the cybersecurity firm Kaspersky, this scam shows how people with decent awareness of the online world can be lured into a trap and even the most secure accounts can be hacked.
"In our estimates, within just two hours, at least 367 users have transferred around $1,20,000 in total to attackers. Neither a website/software is entirely immune to bugs nor is the human factor immune to mistakes. Therefore, any native platforms might be compromised," Dmitry Bestuzhev, Cybersecurity expert at Kaspersky, told IANS.
Twitter revealed that it was a "coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools". The micro-blogging website has been tweeting about the findings of its investigation in the following thread.
Twitter CEO Jack Dorsey also issued an apology by tweeting, "Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."
The major public figures whose accounts were compromised include US Democratic presidential candidate Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos, Apple and Uber.
Arjun Vijay, Co-Founder and COO of Giottus Cryptocurrency Exchange, said that although such scams have happened in the past, the scale of this one is unprecedented.
"It was a well-coordinated attack where multiple accounts got hacked at the same time, with the same tweets directing users to the same scam site," he said in a statement.
"The hacker had complete access to Twitter. He could post anything from any of the official accounts. But he chose to seek Bitcoins through false promises. People should be more careful," Vijay warned.
Paul Ducklin, Principal Research Scientist at cybersecurity firm Sophos, said that if Musk, Gates, Apple, Biden or any other well-known celebrity or company wanted to hand out huge amounts of money on a whim, they wouldn't demand that you hand them money first.
"That's not a gift, it's a trick, and it's an obvious sign that the person's account has been hacked. If in doubt, leave it out!" he said.
Cryptocurrency transactions don't come with the legal protections that one gets with banks or payment card companies. Soon after the Bitcoin scam surfaced, it was clear that the transactions could not be reversed.
"There is no fraud reporting service or transaction cancellation in the world of cryptocurrency. Sending someone crypto coins is like handing over banknotes in an envelope - if they go to a crook, you will never see them again. If in doubt, don't send it out!" he added.
"If purely digital companies like Twitter can be breached through social engineering attacks, then other organizations and individuals are not safe either. Cybersecurity is everybody's responsibility and employees can be an organisation's best defence," Himanshu Dubey, Director, Quick Heal Security Labs, told IANS.
(With Agency Inputs)