Cryptocurrency thieves are using verified profiles to scam and Twitter is not helping

Here is why you should never readily trust anyone on Twitter – even those with blue badges. A shifty user has leveraged his verified profile to impersonate high-profile cryptocurrency influencers and scam people.

The malicious individual was busted using the verified @Protafield handle to trick naive users into sending over Ethereum – a new tactic which has been running rampant in the blockchain space as of recently.

The twitter user @Protafield has been pretending to be Bitfinex and asking people to send over ETH. Indeed, one of the tweets from the profile reads “Send from 0.5 to 5 ETH to the address below and get from 5 to 50 ETH back!”

As per Etherscan, the associated address has received more than 31 ETH at the time of writing.

This is insane. @Protafield is a blue checkmark verified user who has changed name and account details to match @Bitfinex

Then they are pretending to do giveaways and stealing ETH from people.@TwitterSupport wtf is wrong with your website get ur shit together pic.twitter.com/NzPwTa0RTQ

— Whalepool (@whalepool) April 7, 2018

Webinar: Unicorn DNA: The Blueprint for Scaling Success

What does it take to build a unicorn? On November 19, 3pm CET, top executives of unicorn companies will reveal the mindset, strategies, and innovative thinking that propelled their companies to the top.

Before Bitfinex, the user was reportedly pretending to be Justin Sun, founder of Tron Foundation.

This is not the first time these fraudulent attempts are being made in the cryptocurrency space.

In fact, TRON Foundation itself had suffered another phishing attack in a similar fashion earlier in February. Hackers were able to hijack a verified Twitter account and change its handle to @TronfoundationI to clone the real @Tronfoundation.

Buzzfeed's report on Tron Foundation Scam in February 2018 — Buzzfeed’s report on Tron Foundation Scam in February 2018

Among others, Binance was also one of the victims of this verified-account phishing attacks.

Twitter says that changing one’s username should result in losing the verified-profile privilege. If this feature worked as described though, these scams shouldn’t have been possible.

Please note: changing your username will result in losing your badge. Questions? File request at http://t.co/zb2ykUyF we'll get to it ASAP!

— Twitter Verified (@verified) July 19, 2012

Concerned users brought the phishing scam to the attention of Twitter CEO Jack Dorsey back in late-February.The Twitter chief confirmed the bug and assured the company is working on a solution.

Yes, we discovered this and are fixing process.

— jack (@jack) February 26, 2018

Despite these promises though, it is quite clear that the micro-blogging service has yet to deploy a fix for this bug. And given the wild volume of scams in the cryptocurrency space, Twitter better act quick.

We’ve contacted Twitter for further comment and will update this piece if we hear back.