Cryptocurrency scammers are becoming more convincing and advanced. They have harnessed different technologies and techniques to dupe their victims. According to reports, crypto-related scams have taken a total of $381 million from unsuspecting victims. While this amount seems high, Chainalayasis data records show that the figures are below those recorded back in 2019.

While they used different platforms for their activities, Twitter is their most preference. Twitter has a Financial scam policy that reads:

“You may not deceive others into sending you money or personal financial information by operating a fake account or by posing as a public figure or an organization.”

Despite the policy, many scammers have found ways to use the platform for their gain. Many scammers go so far and even pay for their promotional tweets to access a broader range of users.

The history

The first crypto scam on Twitter came to light in 2018. Scammers claiming to be Elon Musk, CEO of Space X, and Tesla created a fake account to dupe Elons followers. Using the account, the scammers claimed to be giving away Ethereum, giving reasons like ‘the launch of the new Space X rocket or the production of yet another Tesla car.’ To receive the giveaway, people were asked to verify their identities by sending 0.1-0.3 BTC to a particular wallet. On receipt, the scammers promised to give them between 1 to 20 BTC.

At the time, the scammers created accounts that borrowed Elon’s avatar and his name. They also used similar Twitter handles like @elonmask instead of @elonmusk. Using these identities, the scammers then replied to Elon’s original post, promoting their fake giveaway. The scammers also took several other verified accounts. Using these accounts, they posted comments claiming to have received Bitcoin from Mr. Musk.

Following this event, scammers exploited other Twitter celebrities such as Bill Gates, Pavel Durov (creator of vk.com and Telegram), and Vitalik Buterin (creator of Ethereum cryptocurrency), and many others.

One of the most prominent victims was  Frank Pallone Jr. He was the Democratic state representative for New Jersey’s sixth district. Scammers took over one of his accounts, “@pallonefornj.” Similarly to Musk, this account was used to post a fake bitcoin giveaway for the small verification fee of 0.1-3 BTC. Reportedly, many crypto users fall victim to this scam.

Another incident was when Matalan’s official account, a discount clothing, and a homeware chain were hacked. The experience attracted over 700 retweets and over 3,000 likes.

According to reports, the Pallone and Matalan scams recorded 326 transactions worth. That is a total of more than 25 bitcoin ($271821.98 at the time of writing).

After these, many took precautionary measures to help investors and crypto users avoid falling victims to such a scheme. Guidelines have emerged to help individuals identify these scams.

Present

Recently, on July 15, 2020, the Twitter accounts of some of the most famous people in the United States were hacked as part of a suspected bitcoin scam. Some of the hacked accounts included Apple, President Barack Obama, former Vice President Joe Biden, Microsoft co-founder Bill Gates, Tesla, and SpaceX CEO Elon Musk, Kanye West, and Uber. Like the previous scams, the hackers posted tweets promoting a fake giveaway. The ordeal lasted for two hours before Twitter took extreme measures to prevent other accounts from being hacked. Twitter disabled users’ ability to send new tweets and locked other users out of their accounts.

Despite efforts by Twitter to educate crypto users and security measures, the July 15 scammers managed to receive over 400 payments in bitcoin. This has amounted to 13.14 BTC worth approximately $121,000.

Chainalysis has already identified three primary addresses used by scammers. The firm noted that “most of the stolen funds were (subsequently) consolidated in the bitcoin wallet address,” which it terms the scam cash-out address.

Aside from crypto give away, scammers also promote fake investment opportunities.

Twitter Sleeping on Its Job

After the recent attack, Twitter began explaining the situation. It has stated that the hackers had gained access to its internal systems. The company tweeted:

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweets on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed.”

According to Adam Back, a co-founder at Blockstream, it is almost impossible to convince Twitter to crack down on impersonators. The attack on Blockstream has become so severe that the company has created its database of all scams trying to profit on their brand. Back explained:

“If you report an impersonator, they ask you to upload government id afresh on each reported handle. And unfortunately, even when you include complaints that people are being scammed and contacting you about refunds, they are very slow to block. It’s been over a month for me with @adam3u_s [one of many Back’s Twitter impersonators].”

Other platforms

In August 2020, Graeme Garioch, a Scottish retiree, was swindled about $39 400 by a phony investment scheme on Facebook. Garioch invested his retirement funds in a fake company, OMC Markets, after speaking to its representative. The individual assured him that the company was legit and was based in London. Garioch deposited a total of US$38,090 into a bitcoin wallet and signed a waiver denying him access to his funds for six months. The scammers also managed to convince Garioch to give details to his bank account. They claimed that they could make bitcoin trades on his behalf.

In March of 2019, Garioch investments had doubled up. He decided to pull out his funds during this time, but he was told he needed to pay a further $7,800 in fees. Once he paid this amount, the scammers drained all his funds. Any of his efforts to reach the company bore no fruits.