Hackers have been stealing verified inactive Twitter accounts to promote cryptocurrency scams, usually using the image of celebrities, like Elon Musk, of bait. As revealed by the BleepingComputer, a website specializing in cybersecurity, these scammers stole at least $ 145,000 in bitcoin (BTC), ether (ETH) and dogeocin (DOGE) over the past week.
Hackers steal verified accounts
The first step in operating the scheme is the acquisition of “trusted” Twitter accounts to promote the links and pages that lead to the theft of cryptocurrencies. Therefore, hackers invade verified users on the social network, usually inactive for at least a few months, and who already have even millions of followers.
Once under the power of the scammers, these accounts are used to convey confidence to potential victims. A verified account that already has many followers gives credibility to the fraudulent links and sites that are promoted.
Tesla, Elon Musk and Gemini are baits
The second step is the use of images of companies and famous figures in the crypto sector. Elon Musk is the main face used to draw the victims’ attention, but Gemini, the exchange for the Winklevoss twins, and Tesla herself also have their images used as bait.
These famous figures would be generously promoting cryptocurrency prizes and sweepstakes through publications on the social network that the stolen verified accounts disclose and share. There is a network of fake users who comment on the posts stating that the prizes would be real.
Upon accessing the publicized website, victims would first have to send an amount of BTC, ETH or DOGE to supposedly receive twice as much back. Obviously, this transferred amount is pocketed by the scammers.
Coup raises $ 145,000 in one week
This scam is not new, it has been occurring for at least two months. THE BleepingComputer analyzed the movements of the digital wallet addresses published by the fraudulent websites and found that only last week the scammers collected at least US $ 145 thousand, but the total value of this latest wave of thefts is higher.
Last month, the portal had denounced exactly the same scam, operating in an identical manner, but it seems that users continue to fall into the criminals’ baits. In its previous analysis, the BleepingComputer had identified that $ 580,000 was stolen in cryptocurrencies only in the second week of January.
The main difference is that fraudsters previously profited much more and worked almost exclusively with bitcoin. This time, the scams started to include dogecoin and ether’s share of profits increased exponentially.
Of the new stolen amount, $ 70,000 was in bitcoin, $ 52,000 in ether and $ 26,000 in dogecoin, indicating that the appreciation of the last two crypto also made them more attractive to scammers.
At least 48 verified accounts are used
THE MalwareHunterTeam carried out the survey of verified stolen accounts that are being used to promote the scams. “Just last week, I tweeted about 48 verified accounts that I saw being used to spread fraud. Obviously I didn’t see everything, so the total number is certainly more than 50 ”, concluded the group in its thread created on Twitter to unmask these schemes.
So, on the past week alone, I have tweeted about 48 verified accounts that I seen being used to spread scam. Obviously I did not see everything, so the total number is surely over 50…
Doing this thread took a lot time, so won’t repeat it, I think this one was enough for everyone.
– MalwareHunterTeam (@malwrhunterteam) February 26, 2021
Multiple fake users copy Elon Musk’s name, his cover and profile photo. One of the publications says, “To celebrate Tesla’s adoption of cryptocurrencies, we decided to hold a special event.” The post continues, promoting a link that leads to a website where 5,000 BTC are supposed to be drawn.
Another verified account is being used to spread Musk themed scam: https://t.co/9XfWZ0wOQ7 pic.twitter.com/LCT9FuRKqW
– MalwareHunterTeam (@malwrhunterteam) February 17, 2021
With information: BleepingComputer