Twitter is wary of crypto scams, and this is nothing new. The last, Elon Musk talked about the flood of crypto scams on Twitter. “Whenever someone famous tweets, their comments section quickly fills up with messages from bot accounts about fake crypto-giveaways. These scams are malicious ones designed to steal crypto wallets with the lure of receiving profitable airdrops. There are links. What is Twitter doing to address this?” Shaun Cherian, Mumbai based crypto enthusiast and NFT collector, told indianexpress.com,
Cryptocurrency scammers determined to find creative ways access to crypto-wallets and theft of digital assets. These cybercriminals tag users in response to hundreds of tweets. Hackers hijacked verified and unverified accounts on Twitter to impersonate popular NFT projects, including Bored Ape Yacht Club (BAYC), Azukis, Moonbirds and OKBears, that steal users’ crypto assets by taking them to phishing sites. can do.
Another NFT Enthusiastic, Kaushal V confirmed that these scam messages are everywhere in the comments section. The premise is simple. You tweet with popular keywords like #NFT, #NFT community, #crypto etc. There’s always some bot that monitors these tweets and retweets your tweets instantly – after which the scam account shares a malicious link as a free gift,” he said. Kind of get connected.”
Kaushal told indianexpress.com that he too was a target of such scams, and lost access to his crypto wallet. “Thankfully, I didn’t lose a lot of property, but no loss is minimal.”
Satnam Narang, staff research engineer at cybersecurity research firm Tenable, took to Twitter to shed light on how NFTs and crypto scams work. Hackers first buy a verified Twitter account or account with hundreds of thousands of followers. After which, they pivot the account to impersonate notable NFT projects.
Gradually, these accounts start tweeting about upcoming or recent airdrops or projects with links pointing to phishing websites. NFT or Crypto Airdrop promises to deliver free crypto tokens or NFTs that require the user to connect their crypto-wallet. Now to gain attention, scammers use an army of fake accounts to retweet and tag users in hundreds of scam tweets. The scammers then wait for users to click on phishing links and give them access to their cryptocurrency wallets to initiate the theft of NFTs and digital currencies.
According to Narang, the success of some of these blue-chip NFT projects has paved the way for widespread adoption by promoting upcoming integrations with their own metaverse, allowing scammers to make new or rumored announcements about these projects. Huh. There are ample opportunities to capitalize. According to research, these scams happen in many different ways.
It should be noted that these phishing sites are no different from legitimate NFT project sites, making it difficult for the average cryptocurrency enthusiast to tell them apart.
“Instead of relying on traditional usernames and passwords, users are convinced to connect their cryptocurrency wallets. By doing so, scammers can transfer digital currencies such as Ethereum ($ETH) or Solana ($SOL), as well as Any NFTs held in these wallets will be deducted,” Narang wrote in a blog post.
Interestingly, scammers have used threats from potential scammers to make them look like Good Samaritans to explain why they comment or respond to “clean” or “close to” tweets. “Once they seed some of these fake tweets, they take advantage of a built-in Twitter feature for conversations that can respond to their tweets, letting users know about potential fraud, The researcher says. prevents me from warning others.”
In April this year, the Twitter account of Uttar Pradesh Chief Minister Yogi Adityanath was hacked. His profile picture was replaced by Yacht Club NFT, a bored app that was used to promote phishing sites for the Azuki NFT project. Prime Minister’s Twitter account at the end of last year Narendra Modi, which has over 70 million followers, was hacked for a while. The attackers claimed that India had adopted bitcoin as legal tender and would distribute it to citizens.
What could Twitter do?
Narang believes that there are a few ways Twitter can intervene to make things harder for scammers when it comes to these impersonations. “Make the NFT profile picture feature available to all users, rather than just paying members of Twitter Blue. Because blockchains are meant to help verify trust, allowing everyone to use this feature provides a mechanism by which users can verify the authenticity of one’s tweets using the BAYC profile picture.” He mentioned.
He advises Twitter to temporarily hide tweets and profiles for verified accounts that change their profile pictures and names. “By temporarily hiding these tweets and profiles when they make such changes to their profiles, Twitter will give its abuse team a chance to manually review these changes before scammers wreak havoc,” they tell.
Finally, look for signs like mass tagging on Tweets. For example, if a tweet receives replies that are tagging multiple users, mark the original tweet/account and subsequent replies as suspicious.
“If you are actively tagged in a tweet, you should be highly suspicious of the intent behind it, even if it came from a verified Twitter account. Find the website of the original project and cross-reference links you can find on Twitter.” But scammers will also rely on urgency to try to pressure users in this area. If NFTs are minted, they will say that There are a limited number of spots left. The urgency makes it easy to take advantage of users who want to miss an opportunity. After all, if something sounds too good to be true, it probably is,” he concluded.