The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creators quite a bit of money.

We don’t know how the hack happened or even to what extent Twitter’s own systems may have been compromised — but following the unprecedented hacks of accounts including President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple, Twitter has confirmed it took the drastic step of blocking new tweets from every verified user, compromised or no, as well as locking all compromised accounts.

Twitter says it won’t restore access to their owners "until we are certain we can do so securely.”

On Wednesday evening, the company revealed that its own internal employee tools were compromised and used in the hack, which may explain why even accounts that claimed to have two-factor authentication were still attempting to fool followers with the bitcoin scam.

The account takeovers appear to have subsided, but new scam tweets were posting to verified accounts on a regular basis starting shortly after 8 PM GMT and lasting more than two hours. Twitter acknowledged the situation after more than an hour of silence, writing on its support account at 9:45 PM GMT, "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”

Late in the evening, Twitter CEO Jack Dorsey wrote, "Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” Product chief Kayvon Beykpour also released a public statement on his personal account, writing, "Our investigation into the security incident is still ongoing but we’ll be posting updates from @TwitterSupport with more detail soon. In the meantime, I just wanted to say that I’m really sorry for the disruption and frustration this incident has caused our customers.”

The chaos began when Tesla CEO Elon Musk’s Twitter account was seemingly compromised by a hacker intent on using it to run a bitcoin scam. Microsoft co-founder Bill Gates’ account was also seemingly accessed by the same scammer, who posted a similar message with an identical bitcoin wallet address. Both accounts continued to post new tweets promoting the scam almost as fast as they were deleted, and Musk’s account, in particular, was still under the control of the hacker as late as 9:56 PM GMT.

Shortly after the initial wave of tweets from Gates and Musk’s accounts, the accounts of Apple, Uber, former President Barack Obama, Amazon CEO Jeff Bezos, Democratic presidential candidate Joe Biden, hip-hop mogul Kanye West, and former New York City mayor and billionaire Mike Bloomberg, among others, were also compromised and began promoting the scam.

It’s unclear how widespread the operation is, but it appears to have affected numerous major companies and extremely high-profile individuals.

So far, Twitter has confirmed that employee tools were used in the hack, but not which ones or more than a theory as to how hackers might have gotten access.