Crypto con artists have devised an ingenious method to get a verified ‘blue tick’ from Twitter, to help them rip off the unwary.
A new report from MyCrypto cybersecurity researcher Harry Denley found the number of shady Twitter accounts attempting to scam users out of crypto increased by 95% in the past year.
These accounts spring into life every time a famous crypto Twitter user makes a tweet – from Elon Musk to John McAfee and Justin Sun.
Scammers compete to become the first reply to the tweet in order to hawk a scam airdrop.
The most common fake accounts masquerade as Ethereum co-founder Vitalik Buterin, Binance, and Coinbase.
In his research, Denley uncovered a new trend of scammers hijacking lesser-known verified accounts that already have the Twitter blue tick.
The scammers then change the account name to that of a famous person, which then appears to have the blue tick endorsement.
Last year, researchers from Duo Security uncovered more than 15,000 Twitter bot accounts dedicated to spreading the scams.
Giveaway scam is unchanged
The scam is invariably the same – if you send crypto to a particular address the scammers promise to send you more crypto back in an airdrop.
A recent scam, replying to Anthony Pompliano, purported to be from Coinbase.
“To celebrate 50 million users, we decided to host a 5,000 BTC giveaway event — You can use any wallet or exchange to participate. Visit our promotion site — If you are late, your BTC will be sent back, thank you for your support, Coinbase team,” it read.
And an account pretending to be Elon Musk wrote: “Our marketing department here at Tesla HQ came up with an idea — to hold a special BTC and ETH giveaway event for all the crypto fans out there.”
Shill accounts then reply to the reply, claiming to have won big from the promotion, in order to lend it credibility.
McAfee calls out Twitter for inaction
John McAfee called out Twitter this week for its inability – or unwillingness – to combat the scams.
“On my Twitter account every one of my tweets are peppered with comments from people pretending to be me and attempting to get people to send Bitcoin or Ethereum in exchange for a larger amount. I no longer bother to report them to Twitter because I never get a response,” he said.
Entire articles now being written by scammers claiming to be me, saying I'm giving away Bitcoin and Ethereum (Your choice apparently). Are people really this stupid? If so, I'm resigning from the human race. No one gives anything for free, people, least of all – me! https://t.co/cBFhKybPMd
— John McAfee (@officialmcafee) August 12, 2019
Sample shows hundreds of thousands lost
Denley based his study on a sample of 333 Twitter users, 327 tweets and 425 tweeted images.
Between them, these scams netted almost 12 BTC and 42 Ethereum, worth almost $150,000.
While the Twitter scams are prevalent and annoying, that’s just a drop in the ocean compared to the $4.3 billion lost to crypto crime so far this year, according to CipherTrace’s Q2 2019 Cryptocurrency Anti-Money Laundering Report.
Most of the money was lost in exit scams and misappropriated funds.
52 domains added to blacklist
Denley identified 52 different domains that were promoted through the Twitter scams with names such as coinbase-team.com, binancefunds.com, and coinbasepromo.net.
The majority were hosted in the United States (64%) followed by Great Britain (11%).
Denley theorises that Coinbase is the most popular fake account due to the success of the Coinbase Earn program, which pays users in crypto for completing various tasks.
The domains have been added to an open-source domain blacklist.
In the unlikely event that you decide to send money to a random wallet, you can double-check if a wallet address has been identified as malicious by heading to Ether Address Lookup.
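The domain check described above can be automated before a link is ever opened. The sketch below is an added example, not code from Denley's report or from the blacklist project: its blocklist holds only the three domains named in this article as a stand-in for the full list, the brand-to-official-domain table is an assumption, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Stand-in for the open-source blacklist: only the three domains the article names.
BLOCKLIST = {"coinbase-team.com", "binancefunds.com", "coinbasepromo.net"}
# Assumption: brand keyword mapped to domains the brand itself operates.
OFFICIAL = {"coinbase": {"coinbase.com"}, "binance": {"binance.com"}}


def host_of(url):
    """Return the lower-cased hostname of a URL or a bare domain."""
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to find the host
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url):
    """Classify a promoted link: blocklisted, official, lookalike or unknown."""
    host = host_of(url)
    labels = host.split(".")
    # Match the host and each parent domain, so subdomains of a listed
    # domain (promo.binancefunds.com) are caught as well.
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in BLOCKLIST:
            return "blocklisted"
    # A host is official only if it is the brand's domain or ends with
    # "." + that domain; a brand name merely appearing in it is not enough.
    for domains in OFFICIAL.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return "official"
    # Brand keyword inside a non-official host, hyphens ignored
    # (the coinbase-team.com pattern). Homoglyph/IDN tricks are not handled.
    squashed = host.replace("-", "")
    if any(brand in squashed for brand in OFFICIAL):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a giveaway reply.
    for link in ("https://coinbase-team.com/promo", "www.coinbase.com",
                 "https://coinbase.com.giveaway-event.example/", "example.org"):
        print(f"{link:48} {classify(link)}")
```

A "lookalike" result means the host borrows a brand name without belonging to that brand, which is the naming pattern shared by all three domains quoted above.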