In one of the major cyber-attacks on Twitter, around 130 accounts were hacked on 15 July.
Tweets came from high-profile accounts saying any bitcoin sent to a link in the tweet will be sent back doubled, as an offer that lasts just for 30 minutes.
The apparent scam spread to mainstream celebrity, technology moguls and politicians’ accounts such as former vice-president Joe Biden, major corporates like Apple and Uber handles were among the first to be impacted.
More names were Barack Obama, Joe Biden, Mike Bloomberg and several tech billionaires including Jeff Bezos, Bill Gates and Elon Musk.
Celebrities such as Kanye West and his wife, Kim Kardashian West, were also hacked.
The false tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
Twitter reliability team acted within a few minutes of the breach and removed the related tweet, according to the Biden campaign.
The Associated Press was able to capture screenshots of several of the apparently fake tweets before they were all quickly delete.
Twitter earlier had to take the extraordinary step of stopping many verified accounts marked with blue ticks from tweeting altogether.
Password reset requests were also being denied and some other “account functions” disabled.
The Bitcoin account mentioned in the fake tweets appears to have been created on Wednesday. By the end of the day, it had received almost 12.9 bitcoins, an amount currently valued at slightly more than $114,000. At some point during the day, roughly half that sum in bitcoin was withdrawn from the account.
Twitter says it is still looking into “what other malicious activity they may have conducted or information they may have accessed”.
According to the BBC who has spoken to one hacker who specializes in social media account takeovers and has been part of a hacking group with one account suspected of involvement.
“Honestly, I think the hack is over because I feel this may have been a quick money grab and run situation,” he said.
On July 18, and at a blog post by Twitter Support said: “The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.”