A former information security chief at Twitter said that the security breach suffered by the social network Wednesday was “intense” but could have been worse.

“The twitter bitcoin hack is intense,” Michael Coates, former Chief Information Security Officer for Twitter, wrote on the site Wednesday after many prominent Twitter accounts, including those belonging to Barack Obama and Joe Biden, appeared to have been compromised in what looked like a bitcoin scam.

Coates, who was Twitter’s CISO from 2015 to 2018, tweeted that “in the past, prominent accounts that were compromised were often the result of weak passwords or challenges within comms teams managing a single account. This appears to be much different.”

In direct messages with Code and Dagger, Coates noted that the fact that the hackers were after bitcoin was somewhat lucky, considering the power and reach of the accounts they hijacked. “A more insidious attacker would leverage the ability to tweet on behalf of these accounts for more malicious actions,” he said.

Twitter’s support team wrote late Wednesday that they had detected “what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

The team it was “looking into” whatever else the hackers had done, if anything, in addition to taking over the prominent accounts. Coates praised the transparency of Twitter’s response so far.

Coates said it was too soon to guess who might’ve been behind the breach, but said the initial focus would likely be on groups that have run bitcoin scams in the past — though the breadth of this attack pointed to an especially sophisticated player.

[Like what you see and read on Code and Dagger? Become a Patreon and help keep the lights on. Do you have a tip or question? Reach out at CodeAndDagger@protonmail.com.]