This article was published on December 29, 2018

The fascinating evolution of the Bitcoin giveaway scam on Twitter

Scammers kept getting smarter


The fascinating evolution of the Bitcoin giveaway scam on Twitter

2018 saw a new scam epidemic that gradually took over Twitter – and eventually the entire cryptocurrency and blockchain space: the Bitcoin giveaway scheme.

It all started in January, at the height of the cryptocurrency mania. Ethereum co-founder Vitalik Buterin took to Twitter to warn users that cunning individuals had been impersonating him and spamming cryptocurrency enthusiasts with requests to send small amounts of Ethereum.

The usual scammer story is that ‘my laptop literally died’ and I have no way to access funds from my cold wallet until a week from now,” Buterin said on Twitter. “Don’t believe it or anything like it.”

A few weeks later though, the scammers had devised a new scheme that not only allowed them to reach significantly bigger audiences, but also to automate the whole process and exploit social media algorithms to give themselves more exposure. Indeed, the scammers had ditched email for Twitter.

Enter the cryptocurrency giveaway scam

In February, Buterin yet again warned the Twittersphere that scammers had been posing as him in attempts to trick users into sending them small amounts of cryptocurrency.

Posted from various handles disguised as Buterin, the attackers were promising to double any amount of Ethereum sent by users.

“I’m donating 400 Ethereum to the ETH community,” one of the malicious tweets read. “First 200 transactions with 0.2 ETH sent to the address below will receive 2 ETH in the address the 0.2 ETH came from.”

Of course, the attackers never intended to give back those funds.

While the crafty tactic bred success at first, people were slowly catching on – so the attackers had to evolve.

The botnet

While the scammers used to exclusively impersonate Buterin, they quickly found there are other blockchain influencers with worthwhile identities to steal. They also discovered that Ethereum is not the only currency they can organize fake giveaways for.

In a short amount of time, there were tons of botnets disguised as various authority figures in the cryptocurrency space. Not only that, but they were asking for a number of different coins.

Indeed, TRON founder Justin Sun was routinely impersonated to spread links to such giveaway scams. Cryptocurrency exchange desk Binance too tweeted that scammers had been posing as them, asking users for small deposits to specific wallet addresses.

But the scammers did not stop there: they went on to impersonate many other influencers and brands, including the controversial John McAfee and even Tesla CEO Elon Musk.

By now, the scammers weren’t just targeting Ethereum holders, they were now promoting fake giveaways for other cryptocurrencies, like Verge and Bitcoin.

At one point, the situation had gotten so bad that Musk himself recruited the creator of Dogecoin – a self-proclaimed “joke cryptocurrency” – to fight the scambot epidemic. Previously, Twitter had updated its policy to prevent people from using the screen name ‘Elon Musk,’ but it was clear this wasn’t enough to curb the epidemic.

Indeed, researchers discovered the scammers employed a multi-layered tactic that involved controlling a network of over 15,000 bots to push malicious giveaway links. In addition to that, the hackers had also tasked certain bots to respond to malicious giveaway links as a strategy to lend them more credibility.

The tactic was so efficient that it ultimately tricked Twitter’s algorithm into suggesting users should follow some of the scambots. At the time, reports suggested the scammers were making over $5,000 worth of stolen cryptocurrency each night.

The victims

Things ultimately took a turn for the worse when the scammers found an even more impish way to run the malicious giveaways – breaking into verified accounts.

In November, numerous verified accounts belonging to top brands and high-profile figures were hijacked to spread Bitcoin giveaway links.

Among others, the attackers exploited the accounts of politicians, government agencies, iconic film studios, retail giant Target, and even Google itself.

Particularly impressive was that all of these took place within the span of two weeks.

Twitter finally chimes in

After months of silently standing on the sideline, Twitter eventually addressed the string of hackings after the Target incident.

We’ve been in close contact with Target this morning and can also confirm that their account was inappropriately accessed for approximately half an hour, after which we swiftly locked the account so Twitter could thoroughly investigate the issue,” a Twitter spokesperson told Hard Fork. 

Twitter further assured us that it is working closely with affected companies to prevent this from happening in the future. But ironically, moments after Twitter’s reassurance, Google’s Gsuite account posted a link to a malicious Bitcoin giveaway.

Since then, the cryptocurrency giveaway scam has somewhat died down, though not thanks to Twitter’s efforts. Instead, it appears that scammers are gradually starting to expand their horizon with other platforms – like Facebook.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top