How scammers hack Twitter accounts to steal popular NFTs and digital currencies
Twitter is wary of crypto scams, and this is not something new. In the past, Elon Musk talked about Twitter being flooded with crypto scams. “Whenever someone famous tweets, their comment section is quickly flooded with messages from bot accounts about a fake crypto-giveaway. These scams are malicious links designed to steal crypto wallets, in the lure of getting a profitable airdrop. Is Twitter doing anything to address it?” Shaun Cherian, a Mumbai-based crypto enthusiast and NFT collector, told indianexpress.com.
Cryptocurrency scammers are determined to find creative ways to gain access to crypto-wallets and steal digital assets. These cybercriminals tag users in replies across hundreds of tweets. Hackers hijack verified and unverified accounts on Twitter to impersonate popular NFT projects, including Bored Ape Yacht Club (BAYC), Azukis, MoonBirds and OkayBears, to steal users’ crypto assets by driving them to phishing sites.
Another NFT enthusiast, Kaushal V, confirmed that these scam messages are everywhere in the comment section. “The premise is simple. You tweet with popular keywords like #NFT, #NFT community, #crypto, etc. There’s always some bot that monitors these tweets and quickly retweets your tweet—after which the scam account shares a malicious link as a free giveaway,” he said. “What’s surprising is the kind of engagement these scam messages get.”
Kaushal told indianexpress.com that he was also the target of such scams, and lost access to his crypto wallet. “Thankfully, I didn’t lose a lot of assets, but no loss is less.”
“Be very careful if you are approached on Twitter by an NFT artist; 99 per cent of the time it is a scam. Cyber criminals tend to offer very high compensation just to lure you in, and then send you an email which will contain malware. Once you open that email, they will hack your computer and you may end up losing all your cryptos and NFTs,” said Aahil Vir, an avid NFT collector.
Satnam Narang, Staff Research Engineer at Tenable, a cyber security research firm, sheds light on how NFT and crypto scams work on Twitter. The hackers first purchase a verified Twitter account or an account with hundreds of thousands of followers, after which they pivot the account to impersonate notable NFT projects.
Slowly, these accounts start tweeting about upcoming or recently held airdrops or projects, with links pointing to phishing websites. NFT or crypto airdrops promise free crypto tokens or NFTs, but require the user to connect their crypto-wallet. To garner attention, scammers utilise an army of fake accounts to retweet and tag users across hundreds of scam tweets. Scammers then wait for users to click on the phishing links and grant access to their cryptocurrency wallets, at which point they begin stealing NFTs and digital currencies.
According to Narang, the success of some of these blue-chip NFT projects has paved the way for broader adoption, with the projects promoting upcoming integrations with their own metaverses; this gives scammers ample opportunity to capitalise on new or rumoured announcements about these projects. According to the research, these scams occur in many different ways.
It should be noted that these phishing sites are indistinguishable from legitimate NFT project sites, making it difficult for the average cryptocurrency enthusiast to tell them apart.
“Rather than relying on traditional usernames and passwords, users are convinced to connect their cryptocurrency wallets. By doing so, scammers can then transfer out the digital currencies like Ethereum ($ETH) or Solana ($SOL), as well as any NFTs held in these wallets,” Narang writes in a blog post.
Interestingly, scammers have also pivoted to appear like good Samaritans by using the threat of potential scammers as justification for why they “clean” or “close” comments or replies to their tweets. “Once they’ve seeded a few of these fake tweets, they leverage a built-in Twitter feature for conversations to restrict who can respond to their tweets, which prevents users from warning others of potential fraud ahead,” the researcher adds.
“As an NFT artist, whenever one makes a sale, it’s natural to tag the collector and talk about the sale. The idea is to get more collectors interested, but the same post also attracts scammers who then DM you to do a commission or will send links that will lead to a phishing scam. If someone wants to buy your art, ask them to buy via blockchain; by doing anything else you open yourself up to scammers taking advantage of you. I get a ton of mails and DMs both on Twitter and Instagram when I post about sales or new collections. I verify the IDs or outright block them. It’s better not to have a sale this way than to be scammed,” Winsomepriyanka, an acrylic and figurative artist selling via Foundation and OpenSea, told indianexpress.com.
In April this year, the Twitter account of Uttar Pradesh Chief Minister Yogi Adityanath was compromised. His profile picture was replaced with a Bored Ape Yacht Club NFT, and the account was used to promote phishing sites for the Azuki NFT project. Late last year, the Twitter account of Prime Minister Narendra Modi, who has over 70 million followers, was briefly hacked. Attackers claimed India had embraced bitcoin as legal tender and would distribute it to citizens.
What could Twitter do?
Narang believes there are a few ways Twitter could intervene to make things harder for scammers when it comes to these impersonations. “Make the NFT profile pictures feature available to all users, instead of just paying members of Twitter Blue. Because blockchains are meant to help verify trust, allowing everyone to use this feature will provide a mechanism by which users can verify the authenticity of the tweets from someone using a BAYC profile picture,” he notes.
He advises Twitter to temporarily hide tweets and profiles for verified accounts that change their profile pictures and names. “By temporarily hiding these tweets and profiles when they make such a change to their profiles, Twitter would give its abuse team the chance to manually review these changes before the scammers wreak havoc,” he explains.
Lastly, he suggests watching for signals such as mass tagging in replies. For instance, if a tweet receives replies that tag multiple users, flag the original tweet and account, along with the subsequent replies, as suspicious.
“If you’re proactively tagged in a tweet, you should be highly suspicious of the motivations behind it, even if it comes from a verified Twitter account. Seek out the original project’s website and cross-reference links that you see being shared on Twitter with the ones on their official website. Scammers will also rely on the urgency to try to add pressure on users in this space. If an NFT mint is happening, they’ll say there are a limited number of spots left. This urgency makes it easier to take advantage of users who want to miss the opportunity. Ultimately, if something sounds too good to be true, it probably is,” he concludes.
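The two defensive checks described above, the mass-tagging signal on a thread and cross-referencing shared links against the project's official website, as an added Python example that is not code from the article, from Tenable or from Twitter. The thread, the account names, the `.example` hosts and the `OFFICIAL_DOMAINS` allowlist are all constructed placeholders; a real deployment would take the thread from the platform's API and the allowlist from the project's verified site.

```python
import re
from urllib.parse import urlsplit

# Twitter handles are 1-15 word characters after an "@".
MENTION_RE = re.compile(r"@(\w{1,15})")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Placeholder allowlist of the impersonated project's official domains (assumption).
OFFICIAL_DOMAINS = {"official-project.example"}

# Constructed sample thread modelled on the pattern the article describes:
# an airdrop tweet, two bot replies each tagging a batch of users, one real reply.
SAMPLE_THREAD = {
    "id": "t1",
    "author": "@lookalike_project",  # hypothetical impersonation account
    "text": "Surprise airdrop for holders! Claim now: https://projectname-airdrop.example/mint",
    "replies": [
        {"author": "@bot_a",
         "text": "@u1 @u2 @u3 @u4 @u5 @u6 don't miss it https://projectname-airdrop.example/mint"},
        {"author": "@bot_b",
         "text": "@u7 @u8 @u9 @u10 @u11 last spots left https://projectname-airdrop.example/mint"},
        {"author": "@real_user",
         "text": "Check https://official-project.example/ before connecting a wallet"},
    ],
}


def extract_mentions(text):
    """Distinct handles tagged in a piece of text, lower-cased."""
    return {m.lower() for m in MENTION_RE.findall(text)}


def extract_links(text):
    return URL_RE.findall(text)


def link_matches_official(url, official_domains):
    """True only if the link's host is an official domain or a subdomain of one.
    Lookalikes such as 'official-project.example.evil.example' or
    'evil-official-project.example' do not match."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return any(host == d or host.endswith("." + d) for d in official_domains)


def mass_tagging_signal(thread, min_tags_per_reply=3, min_replies=2):
    """Count replies that each tag several distinct users; the article's heuristic
    flags a thread once such replies appear."""
    tagging_replies = 0
    tagged_users = set()
    for reply in thread["replies"]:
        mentions = extract_mentions(reply["text"])
        if len(mentions) >= min_tags_per_reply:
            tagging_replies += 1
            tagged_users |= mentions
    return {
        "tagging_replies": tagging_replies,
        "distinct_users_tagged": len(tagged_users),
        "triggered": tagging_replies >= min_replies,
    }


def unofficial_links(thread, official_domains):
    """Every link in the thread that does not point at the official site."""
    texts = [thread["text"]] + [r["text"] for r in thread["replies"]]
    found = set()
    for text in texts:
        for url in extract_links(text):
            if not link_matches_official(url, official_domains):
                found.add(url)
    return sorted(found)


def assess_thread(thread, official_domains):
    """Combine both signals into a review decision for an abuse team."""
    tagging = mass_tagging_signal(thread)
    bad_links = unofficial_links(thread, official_domains)
    return {
        "thread_id": thread["id"],
        "mass_tagging": tagging["triggered"],
        "tagging_replies": tagging["tagging_replies"],
        "distinct_users_tagged": tagging["distinct_users_tagged"],
        "unofficial_links": bad_links,
        "flag_for_review": tagging["triggered"] or bool(bad_links),
    }


if __name__ == "__main__":
    for key, value in assess_thread(SAMPLE_THREAD, OFFICIAL_DOMAINS).items():
        print(f"{key}: {value}")
```

The domain check deliberately compares the full host rather than searching for the project name inside the URL, since a string match is exactly what a lookalike domain is designed to pass; the tagging thresholds are tunable and would normally be set from the platform's own baseline of legitimate reply behaviour.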