According to research released on Thursday, a fraud network made up of thousands of fake Twitter accounts has been imitating real NFT stores to steal money from cryptocurrency users.
The report is the latest sign that cryptocurrency-related scams are still common on social media, even though consumer protection groups have warned people many times. It also raises new questions about what Twitter is doing to get rid of fake accounts, which the company’s new owner, Elon Musk, has promised to get rid of or “die trying”
Researchers at the threat intelligence company Nisos found that between July 26 and October 11, more than 3,000 Twitter accounts sent out nearly 6,000 tweets with links to fake storefronts that offered to mint free non-fungible tokens (NFTs). Researchers say that thousands of other fake accounts helped spread these tweets.
Under the guise of making a new NFT, the fake NFT stores tricked people into giving them access to their wallets. This gave fraudsters access to the owner’s NFTs and other virtual currency funds, which they stole.
Like bitcoin, NFTs are virtual assets that only exist on the blockchain. NFTs have become more valuable to collectors because they are unique and can’t be copied.
Researchers couldn’t figure out how much money fraudsters stole from their victims. Since the scam started, scammers’ wallet addresses have “received hundreds of transactions ranging from tens to hundreds of dollars,” according to an analysis done by researchers with the help of the cryptocurrency tracking company Chainalysis.
Fraudsters were able to trick people into trusting them by making Twitter accounts that looked like those of real NFT marketplaces. For example, researchers found the accounts @ Imaginry Ones and @Imaginry Ones, which are different versions of @Imaginary Ones, an NFT platform with almost 500,000 Twitter followers. Researchers found that the fraud network used more than 500 domains, all of which were linked to the same IP address.
Researchers couldn’t say for sure where the network came from, but all of the accounts that sent out the first tweets followed three Indonesian accounts. The research in the report only goes up to October 11. However, researchers have confirmed that the network and many of the Twitter handles listed in the report are still active.
Twitter didn’t answer right away when asked for a comment
The fraud ring that Nisos researchers found is not the only one of its kind. Bloomberg said in May that scammers were taking over Twitter accounts to pretend to be well-known NFT projects and promote apps that steal credentials.
Satnam Narang, a researcher at the cybersecurity company Tenable who has done a lot of research on cryptocurrency scams, said of the Nisos report, “From what I’ve seen, this is pretty standard fare.”
As with the Nisos report, he said that it is common for scammers to use secondary networks of accounts to quote-tweet the original tweet and spam users by tagging them. The quote tweets are more likely to be flagged for removal than the main tweet with the link to the storefront.
The Nisos report highlights a worry that consumer protection advocates have known for a long time: social media platforms are a major way that cryptocurrency scams spread. In fact, the FTC found that cryptocurrency fraud losses rose to more than $1 billion between January 2021 and March 2022, with almost half of the victims coming from social media. (The FBI says that fraud involving cryptocurrency will cost $1.6 billion in 2021.)
Before, scammers on social media mostly used so-called “giveaway” scams, in which they tell investors to send money to a wallet address with the promise of doubling their returns, but the money is actually stolen. People who run these kinds of scams often pretend to be well-known cryptocurrency figures like Musk to make themselves seem more trustworthy.
But Narang says that many con artists have switched their focus to getting their victims to connect their wallets to malicious software, which is a much better way to steal their assets.
Even though the scammer in the Nisos report didn’t use verified accounts to find victims, Narang said that scammers often use verified accounts as a useful tool, especially when pretending to be big names in the industry. Even though Musk bought the company, this is still true, which makes me wonder how the platform will verify users in the future.
“I know a lot of the focus has been around like, ‘oh scammers are just going to spend $8 and purchase verified accounts and use those to like impersonate X, Y and Z,” Narang said. “The thing I think that’s get lost in that whole equation is that [scammers] don’t have to go and purchase those accounts right now. They are able to compromise existing verified accounts that have not paid any money to Twitter and turn those into scam accounts.”
He said that giving users access to verification would only make it easier for fraudsters to commit these kinds of crimes.
Even cryptocurrency scammers have taken advantage of the confusion over Elon Musk’s plans for verification. In one scheme, users who link their wallets get Twitter Blue and an NFT for free. Before it was taken down, the scam had reached 35,000 RT.
Even though Twitter’s policies on account verification aren’t clear, it doesn’t look like cryptocurrency scammers will leave the site. “Twitter is a basic communications platform for a lot of these projects, Narang said. Since cryptocurrency users hang out on Twitter, it makes sense that these con artists will be there.