While the Wednesday hijacking of several high-profile and verified Twitter accounts appears to have been confined to a cryptocurrency scam, security experts are warning that the platform’s security failures could lead to bigger attacks down the road.

By Thursday, the Twitter accounts affected by the hacking incident had returned to normal. Those include the accounts of Democratic presidential candidate Joe Biden, Tesla CEO Elon Musk, Microsoft founder Bill Gates and the corporate accounts of Apple, Uber and others. The affected verified accounts with their distinctive blue checkmarks could send out messages and tweets again.

Twitter said in a Wednesday statement that the incident appears related to a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” But the social media giant has yet to provide further details.

In addition to Twitter’s own internal investigation, the Wall Street Journal reported that both the FBI and New York State authorities are now investigating the incident as well.

Wednesday’s Twitter hack is likely a one-off incident with financial gain as the goal, some security experts tell Information Security Media Group. But the fact that verified accounts of public figures were successfully manipulated indicates the stage is set for more damaging attacks.

In Wednesday’s incident, the hackers took over accounts seeking to get followers to send money. But in a future attack, “could the instructions change, and would they be followed?” asks Evan Dornbush, a former employee with the U.S. National Security Agency and now CEO of security firm Point3 Security.

Mounir Hahad, the head of Juniper Threat Labs at Juniper Networks, says hackers who take over the accounts of influential leaders could potentially cause chaos.

“This is a very serious hack that could have resulted in a lot of damage in financial markets should a tweet have been attributed to a personality with influence, like the president of the United States, the Treasury secretary or the chairman of the Federal Reserve Bank,” Hahad says.

Nature of Wednesday’s Incident

Troy Mursch, the chief research officer at security firm Bad Packets, notes that the Wednesday hacking incident could be something bigger “than what we saw on the surface as a bitcoin scam.”

Although Saryu Nayyar, the CEO of security firm Gurucul, does not believe Wednesday’s hacking incident was a trial run for a more damaging cyberattack, she says other groups could now be inspired to wage similar campaigns.

Nayyar notes that the hackers were cunning enough to use social engineering techniques and chose a proper target audience – walking a thin line between targeting those tech savvy enough to access bitcoin yet gullible enough to fall for such an obvious ploy.

The hackers behind Wednesday’s incident likely were just out to make a quick buck, says Dmitry Galov, a security researcher at Kaspersky. In fact, some 360 individuals reportedly transferred approximately $120,000 in bitcoin to the scammers within two hours of the account takeovers.

An Inside Job?

On Thursday, Vice Motherboard, citing sources who identified themselves as hackers who took over Twitter accounts Wednesday, reported that a Twitter employee gave hackers access to an internal tool that allowed them to hijack the verified accounts.

The hijacking of verified accounts has also prompted some to question why Twitter doesn’t take more security steps for employees as well as users.

On Thursday, Sen. Ron Wyden, D-Ore., noted that Twitter CEO Jack Dorsey promised to provide end-to-end encryption for Twitter’s Direct Messaging features in 2018, but it has not yet delivered on that pledge.

Dorsey has been a victim of account hijacking. In September 2019, his Twitter account was taken over for a short period and used to send out racist messages (see: Hey Jack, How Was Your Account Hacked?).