Crypto Hustles: How Scammers Use Twitter To Steal NFTs, Digital Currencies
Satnam Narang, a staff research engineer at the cybersecurity firm Tenable Inc., pointed out in his latest blog post that over the last few months a variety of non-fungible token (NFT) projects, including Bored Ape Yacht Club (BAYC), Azukis, MoonBirds and OkayBears, have been impersonated on Twitter to steal users’ NFTs and digital currencies such as Ethereum and other altcoins.
Narang explains that to create hype, many of these projects have been promoting upcoming integrations with their metaverses, giving scammers ample opportunity to capitalize on new or rumoured announcements in association with these projects.
Narang stated that “scammers leverage Twitter mentions to capture attention.” Twitter users with an interest in NFTs and cryptocurrency are likely to have recently received notifications in their Twitter Mentions: scammers are tagging users in replies across hundreds of tweets. By mentioning those usernames, they are trying to pique curiosity and trick some users into falling for their scams.
Narang pointed out some of the notable scams that used Twitter accounts.
In his opinion, airdrops and free NFTs are the perfect vehicles for cryptocurrency scams.
BAYC, one of the blue-chip NFT projects, earlier this year announced an airdrop of ApeCoin ($APE) to holders of its various NFT collections, including BAYC, Mutant Ape Yacht Club (MAYC) and Bored Ape Kennel Club.
Scammers saw this as an opportunity to target interest in the upcoming airdrop, Narang added, “and began creating campaigns by hijacking verified Twitter accounts to drive users to phishing sites.”
Further, Narang noted that the hijacked verified accounts were repurposed with profile pictures (PFPs) of BAYC NFTs to lend legitimacy to their claims of $APE airdrops. The scammers then used these verified accounts to mention users en masse to capture their attention.
Apart from BAYC, scammers have been impersonating many other notable NFT projects such as Azukis, Moonbirds, Invisible Friends, and emerging projects on the Solana blockchain like OkayBears.
Scammers have used every such opportunity to loot NFTs and other digital currencies. One notable case came on April 30, when Yuga Labs launched its Otherside metaverse project, a way for BAYC NFT holders to purchase deeds (“Otherdeeds”) to land in its metaverse.
The Yuga launch overwhelmed the Ethereum network, resulting in high gas fees for enthusiasts who were trying to mint a piece of land in the metaverse. Eventually, this led to a significant backlash from some of the project’s most vocal supporters.
Narang said that, to capitalize on the frustration felt by these enthusiasts, scammers quickly created fake OthersideMeta accounts on Twitter promoting phishing pages not just for minting Otherdeeds, but also pages for those hoping to get a refund of the excessive gas fees they had paid while attempting to acquire Otherdeeds.
Narang noted that a fellow researcher who goes by the pseudonym Zachxbt recently found that the Otherside phishing sites were so successful that he was able to locate three cryptocurrency addresses that had stolen several NFTs from Mutant Ape Yacht Club (MAYC), BAYC, Azuki and other collections, to the tune of $6.2 million.
Narang also warns about scammers using fake accounts to make their tweets look legitimate: sock-puppet accounts reply to the scam tweet to make it appear genuine and further gain the trust of investors.
Once they have seeded a few of these fake replies, Narang said, the scammers use Twitter’s built-in conversation controls to restrict who can respond to their tweets, which prevents other users from warning people of the fraud that lies ahead.
Notably, the latest data from SparkToro and Followerwonk revealed that 19.42% of active Twitter accounts, nearly four times Twitter’s Q4 2021 estimate, fit a conservative definition of fake or spam accounts.
SparkToro and Followerwonk conducted a rigorous, joint analysis of five datasets including a variety of active (i.e. tweeting) and non-active accounts from May 13-15. The data statement said, “the analysis we believe to be most compelling uses 44,058 public Twitter accounts active in the last 90 days. These accounts were randomly selected, by machine, from a set of 130+ million public, active profiles. Our analysis found that 19.42%, nearly four times Twitter’s Q4 2021 estimate, fit a conservative definition of fake or spam accounts (i.e. our analysis likely undercounts).”
Twitter’s Misleading and Deceptive Identities policy states: “you may not impersonate individuals, groups, or organizations to mislead, confuse, or deceive others, nor use a fake identity in a manner that disrupts the experience of others on Twitter.”
On Twitter, one of the main elements of identity is the account’s profile which has a username (@handle), account name, profile image, and bio.
Twitter’s policy describes three factors it weighs when deciding whether an account is deceptive. These are:
1. Profiles that authentically portray the account owner are unlikely to violate this policy. These types of profiles often use the name of the account owner. Accounts that use business names, stage names, or pseudonyms may also fall into this category.
2. One of the main factors in the review is whether a profile uses an image that depicts another person or entity. If Twitter finds evidence of unauthorized use of another’s image (such as a valid report from the individual or organization depicted), it assesses whether the profile image is used in a misleading or deceptive manner. Twitter also weighs deceptiveness when an account uses a computer-generated image of a person to pose as someone who does not exist.
However, Twitter also explains that “using an image depicting another person or entity is not necessarily in violation of this policy and we are less likely to take action on accounts where the use of the image does not mislead others.”
3. Beyond whether a profile features another’s image, Twitter also evaluates the context in which the image is used. It is most likely to take action if an account falsely claims to be the entity portrayed in the profile photo, as with impersonation or fake accounts. In rare cases, Twitter may act on an account that does not use another’s image if the profile includes significantly misleading information, such as a location that does not match that of the account owner.
Note, however, that the policy also explains that Twitter “allows the use of pseudonymous accounts, meaning an account’s profile is not required to use the name or image of the account owner. Accounts that use pseudonyms or that appear similar to others on Twitter are not in violation of this policy, so long as their purpose is not to deceive or manipulate others.”
According to Narang, there are a few ways Twitter could intervene to make these impersonations harder for scammers. These are:
1. Make the NFT profile pictures feature available to all users instead of just paying members of Twitter Blue.
2. Temporarily hide tweets and profiles for verified accounts that change their profile pictures and names.
3. Create warnings for profiles and links shared by verified Twitter accounts that recently changed their names and profile pictures.
4. Watch for signals such as mass tagging in replies. To gather the attention of users, scammers rely on tagging many users in replies to tweets. If a tweet begins to receive replies that tag multiple users, flag the original tweet/account and the subsequent replies as suspicious.
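As an added illustration of suggestions 2 to 4 above (example code written for this article, not Tenable’s or Twitter’s), the following Python sketches how a platform could score root tweets from constructed sample data. The tweet and profile records, the field names and the thresholds are all assumptions; Twitter does not expose name or avatar change timestamps through its public API, so the profile data here stands in for what only the platform itself holds.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Twitter handles are 1-15 word characters; the lookbehind skips e-mail addresses.
MENTION_RE = re.compile(r"(?<![\w@])@(\w{1,15})")

NOW = datetime(2022, 5, 20, tzinfo=timezone.utc)

# Constructed sample data: hypothetical accounts and tweets, not real ones.
PROFILES = {
    "legitnews": {"verified": True,
                  "name_changed_at": NOW - timedelta(days=400),
                  "avatar_changed_at": NOW - timedelta(days=400)},
    # A hijacked verified account that was rebranded a few hours ago.
    "otherside_drop": {"verified": True,
                       "name_changed_at": NOW - timedelta(hours=6),
                       "avatar_changed_at": NOW - timedelta(hours=5)},
    "fan1": {"verified": False, "name_changed_at": None, "avatar_changed_at": None},
}

TWEETS = [
    {"id": 1, "conversation_id": 1, "author": "otherside_drop", "in_reply_to": None,
     "text": "Gas refund for Otherdeed minters is LIVE. Only 500 spots left: https://refund.invalid/claim"},
    {"id": 2, "conversation_id": 1, "author": "fan1", "in_reply_to": "otherside_drop",
     "text": "@otherside_drop @alice @bob @carol @dave look at this!"},
    {"id": 3, "conversation_id": 1, "author": "fan1", "in_reply_to": "otherside_drop",
     "text": "@otherside_drop @erin @frank @grace @heidi don't miss it"},
    {"id": 4, "conversation_id": 4, "author": "legitnews", "in_reply_to": None,
     "text": "Our write-up on the Otherside mint is up."},
    {"id": 5, "conversation_id": 4, "author": "fan1", "in_reply_to": "legitnews",
     "text": "@legitnews great read, thanks"},
]


def mentions(text):
    """Distinct @handles in a tweet, lower-cased."""
    return {h.lower() for h in MENTION_RE.findall(text)}


def mass_tagging_roots(tweets, min_tags_per_reply=3, min_flagged_replies=2):
    """Ids of conversations whose replies are mass-tagging other users.

    A reply counts when it mentions at least min_tags_per_reply handles other
    than the account it replies to; the root is flagged once min_flagged_replies
    such replies appear in its conversation.
    """
    flagged = defaultdict(int)
    for t in tweets:
        if t["in_reply_to"] is None:
            continue
        extra_tags = mentions(t["text"]) - {t["in_reply_to"].lower()}
        if len(extra_tags) >= min_tags_per_reply:
            flagged[t["conversation_id"]] += 1
    return {cid for cid, n in flagged.items() if n >= min_flagged_replies}


def recently_rebranded(profile, now, window=timedelta(days=7)):
    """True for a verified account whose name or avatar changed within `window`."""
    if not profile["verified"]:
        return False
    stamps = (profile["name_changed_at"], profile["avatar_changed_at"])
    return any(ts is not None and now - ts <= window for ts in stamps)


def assess(tweets, profiles, now=NOW):
    """Map each root tweet id to the reasons it should be flagged or temporarily hidden."""
    roots = mass_tagging_roots(tweets)
    report = {}
    for t in tweets:
        if t["in_reply_to"] is not None:
            continue
        reasons = []
        if t["id"] in roots:
            reasons.append("replies mass-tag other users")
        if recently_rebranded(profiles[t["author"]], now):
            reasons.append("verified author changed name or avatar in the last 7 days")
        report[t["id"]] = reasons
    return report


if __name__ == "__main__":
    for tweet_id, reasons in assess(TWEETS, PROFILES).items():
        print(tweet_id, reasons or ["no signals"])
```

The two signals are deliberately combined per root tweet rather than per reply: a freshly rebranded verified account whose thread is being seeded with mass-tagging replies is exactly the pattern Narang describes, and either signal alone produces more false positives than the pair.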
Narang also advised Twitter users to be sceptical of cryptocurrency promotions. If you are proactively tagged in a tweet, be highly suspicious of the motivation behind it, even if it comes from a verified Twitter account. Seek out the original project’s website and cross-reference links shared on Twitter against the ones on the official site. Scammers also rely on urgency to pressure users: if an NFT mint is happening, they will say that only a limited number of spots are left. That urgency makes it easier to take advantage of users who do not want to miss out on the opportunity.
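To make the cross-referencing advice concrete, here is an added Python example (not from the article or from Tenable) that vets every link in a tweet against a set of official registrable domains and picks out the urgency phrasing Narang describes. The official-domain set, the URLs and the tweet text are constructed for illustration, and the domain parsing is a simplification that assumes two-label registrable domains instead of consulting the Public Suffix List.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""")

# Pressure phrases scammers lean on; a constructed starting list, extend as needed.
URGENCY_RE = re.compile(
    r"\b(only\s+\d+\s+(?:spots?|left)|last\s+chance|claim\s+now|limited\s+time|"
    r"\d+\s*(?:hours?|minutes?|mins?)\s+left)\b",
    re.IGNORECASE,
)


def registrable_domain(host):
    """Last two labels of a hostname: 'claim.example.com' -> 'example.com'.

    Simplification (assumption): a production check should use the Public
    Suffix List so that e.g. 'brand.co.uk' is not reduced to 'co.uk'.
    """
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def vet_url(url, official_domains):
    """Return (verdict, reason) for one URL against official registrable domains."""
    parts = urlparse(url)
    # .hostname drops userinfo, so 'https://brand.com@evil.test/' yields 'evil.test'.
    host = (parts.hostname or "").lower()
    if not host:
        return "reject", "no hostname"
    if parts.scheme != "https":
        return "reject", "not https"
    # Non-ASCII or punycoded labels can hide Cyrillic/Greek look-alike letters.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return "reject", "internationalized hostname (possible homograph)"
    reg = registrable_domain(host)
    if reg in official_domains:
        return "ok", f"registrable domain {reg} is official"
    # Brand name present but under someone else's registrable domain, e.g.
    # 'boredapeyachtclub.com.claim-apecoin.xyz' or 'bored-ape-yacht-club-mint.xyz'.
    brands = {d.split(".")[0] for d in official_domains}
    if any(b in host.replace("-", "") for b in brands):
        return "reject", f"lookalike: brand name inside {host} but registrable domain is {reg}"
    return "reject", f"{reg} is not an official domain"


def vet_tweet(text, official_domains):
    """Vet every link in a tweet and collect urgency phrases."""
    return {
        "links": {u: vet_url(u, official_domains) for u in URL_RE.findall(text)},
        "urgency": [m.group(0) for m in URGENCY_RE.finditer(text)],
    }


if __name__ == "__main__":
    official = {"boredapeyachtclub.com"}  # assumed official domain for the example
    # Constructed phishing-style tweet, not a real one.
    sample = ("Only 500 spots left! Claim now: "
              "https://boredapeyachtclub.com.claim-apecoin.xyz/airdrop")
    print(vet_tweet(sample, official))
```

The comparison is on the registrable domain, not on whether the official name appears anywhere in the URL, because the most common lures put the real brand in a subdomain, in the userinfo part before an `@`, or in a hyphenated look-alike; a string-contains check would pass all three.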