Cyber Incident Victim: Pathé
Date:
Nov 2018
Location:
France
Summary
A major European film organization's Twitter account was compromised to promote a fraudulent Bitcoin giveaway impersonating Elon Musk. Attackers altered the victim's profile details and promised to double cryptocurrency investments, directing users to send Bitcoin to a malicious wallet that accumulated over 6 BTC (approximately $38,000) within 24 hours. The fraudulent tweet garnered significant engagement before being deleted, with the organization subsequently restoring its account. This incident mirrored prior Twitter-based cryptocurrency scams targeting high-profile accounts, including a similar hijacking of an official Fox account months earlier. The platform had previously implemented measures to curb such scams, such as blocking display name changes to 'Elon Musk,' but the persistence of these schemes highlighted ongoing vulnerabilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 5, 2018, the official Twitter account of Pathé, recognized as Europe’s second-largest film studio and the world’s second oldest operating film company, was compromised by attackers promoting a cryptocurrency scam. The hackers altered Pathé’s account details to impersonate Elon Musk, changing both the display name and profile avatar to falsely associate the account with the Tesla CEO. They posted a fraudulent Bitcoin giveaway scheme, promising to double any cryptocurrency sent to a specified wallet address. This tweet rapidly gained visibility, accumulating over 850 retweets and 3,700 likes before its removal. The scam leveraged Musk’s public association with cryptocurrency to appear legitimate, exploiting Twitter’s platform to target users globally. Blockchain transaction records indicated the attackers received over 6 Bitcoin (approximately $38,000 at the time) within 24 hours, suggesting numerous victims fell for the scheme. Pathé regained control of the account, deleted the malicious tweet, and restored the original profile information, removing all references to Musk.
The incident highlighted ongoing vulnerabilities in Twitter’s security infrastructure, as similar cryptocurrency scams had previously compromised verified accounts, including one belonging to Fox in July 2018. Twitter implemented a policy change following the Pathé breach, specifically prohibiting users from changing their display names to “Elon Musk” to curb impersonation. Despite these measures, the platform continued to struggle with coordinated scambot campaigns. Elon Musk personally sought assistance from Dogecoin creator Jackson Palmer to combat the proliferation of fraudulent accounts, though the collaboration yielded limited success in reducing such scams. The attack disrupted Pathé’s official communications channel temporarily but did not appear to extend beyond the Twitter account compromise. Financial losses were confined to victims who transferred cryptocurrency to the attackers’ wallet, with no evidence suggesting broader operational impacts on Pathé’s corporate systems or film distribution activities.