Fake tweets were posted to the accounts of Amazon chief Jeff Bezos, Microsoft co-founder Bill Gates and SpaceX billionaire Elon Musk, offering to send $2,000 for every $1,000 sent to a Bitcoin address.
Experts were surprised at the scale of the incident, which suggested the hackers may have gained access through Twitter’s system, rather than through individual accounts.
Chief executive Jack Dorsey tweeted: “Tough day for us at Twitter. We all feel terrible this happened.” He added that staff are “working hard to make this right”.
Elon Musk was among those targeted by scammers in a Twitter hack, along with former US president Barack Obama and Democratic presidential candidate Joe Biden.
Businessman Mike Bloomberg, reality TV star Kim Kardashian, rapper Kanye West, and the corporate accounts for Uber and Apple were also reported to have been hit by the scam.
Blockchain records, which store data about monetary transactions, showed the suspected scammers had received more than $100,000 worth of cryptocurrency, according to Reuters.
Just before 11pm UK time, Twitter confirmed it was investigating a “security incident impacting accounts”.
Around four hours later, the social media platform said: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
“We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
“Once we became aware of the incident, we immediately locked down the affected accounts and removed tweets posted by the attackers.”
Twitter said it had also limited functionality for a “much larger group of accounts, like all verified accounts (even those with no evidence of being compromised)”.
“This was disruptive, but it was an important step to reduce risk,” the platform said before adding that most functions had been restored.
The compromised accounts were locked and access will be restored to the original account holder “Only when we are certain we can do so securely”.
“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing.”
Shares in Twitter were down by more than 3% in after-hours trading on Wednesday in the US.