Cybersecurity: Twitter littered with thieves that are eyeing your assets

By Mehab Qureshi

Twitter is wary of crypto scams, and this is not something new. In the past, Elon Musk has talked about Twitter being flooded with crypto scams. “Whenever someone famous tweets, their comment section is quickly flooded with messages from bot accounts about a fake crypto-giveaway. These scams provide malicious links designed to steal assets from crypto-wallets. What is Twitter doing to address it?” said Shaun Cherian, a Mumbai-based crypto enthusiast and NFT collector.

Cryptocurrency scammers are determined to find creative ways to gain access to crypto-wallets. These cybercriminals tag users in replies across hundreds of tweets. Hackers hijack verified and unverified accounts on Twitter to impersonate popular NFT projects, including Bored Ape Yacht Club (BAYC), Azukis, MoonBirds and OkayBears, and steal users’ crypto assets by driving them to phishing sites.

Another NFT enthusiast, Kaushal V, agreed that such scam messages are everywhere in the comment section. “The premise is simple. You tweet with popular keywords like #NFT, #NFT community, #crypto, etc. There’s always some bot that monitors these tweets and quickly retweets your tweet—after which the scam account shares a malicious link as a free giveaway,” he said. “What’s surprising is the kind of engagement these scam messages get.”

Satnam Narang, staff research engineer at Tenable, a cybersecurity research firm, sheds light on how NFT and crypto scams work on Twitter. The hackers first purchase a verified Twitter account or an account with hundreds of thousands of followers. They then pivot the account to impersonate notable NFT projects and slowly start tweeting about upcoming or recently held airdrops or projects, with links pointing to phishing websites. NFT or crypto airdrops promise to give free crypto tokens or NFTs that require the user to link their crypto-wallet. To garner attention, the scammers utilise an army of fake accounts, retweeting and tagging users across hundreds of scam tweets. They then wait for users to click on the phishing links and grant access to their cryptocurrency wallets, so that they can steal NFTs and digital currencies.

According to Narang, the success of some blue-chip NFT projects has paved the way for their broader adoption by promoting upcoming integrations with their own metaverses, giving scammers ample opportunity to capitalise on new or rumoured announcements about these projects.

It should be noted that these phishing sites are indistinguishable from legitimate NFT project sites. “Rather than relying on traditional usernames and passwords, users are convinced to connect their cryptocurrency wallets. By doing so, scammers can then transfer out the digital currencies like Ethereum ($ETH) or Solana ($SOL), as well as any NFTs held in these wallets,” Narang wrote in a blog post.

Interestingly, scammers have also pivoted to appear like good Samaritans by using the threat of potential scammers as a pretext for why they “clean” or “close” comments or replies to their tweets. “Once they’ve seeded a few of these fake tweets, they leverage a built-in Twitter feature for conversations to restrict who can respond to their tweets, which prevents users from warning others of potential fraud ahead,” he added.

What could Twitter do?
Narang believes there are a few ways Twitter could intervene to make things harder for scammers when it comes to such impersonation. “Make the NFT profile pictures feature available to all users, instead of just paying members of Twitter Blue. Because blockchains are meant to help verify trust, allowing everyone to use this feature will provide a mechanism by which users can verify the authenticity of tweets from someone using a BAYC profile picture,” he noted.

He said Twitter should also temporarily hide tweets and profiles for verified accounts that change their profile pictures and names. Lastly, there is a need to watch out for signals such as mass tagging on tweets. For instance, if a tweet receives replies that tag multiple users, the original tweet/account and the subsequent replies should be flagged as suspicious.

“If you’re proactively tagged in a tweet, you should be highly suspicious of the motivation behind it, even if it comes from a verified Twitter account. Seek out the original project’s website and cross-reference links that you see being shared on Twitter with the ones on their official website,” he concluded.
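The two signals described above, mass tagging in replies and links that do not match the project's official website, can be checked mechanically. The following is an added example, not code from the article or from Tenable; the sample replies, the official-domain list, the lure keywords and the tagging threshold are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample replies under one tweet: (account, text). Not real data.
REPLIES = [
    ("bayc_airdrop_official",
     "Free BAYC airdrop! Connect your wallet https://bayc-mint-claim.example/claim "
     "@alice @bob @carol @dave @erin"),
    ("bayc_airdrop_official", "Last chance to claim @frank @grace @heidi @ivan @judy"),
    ("alice", "Is this real? Looks like a scam."),
    ("boredapeyc", "New collection details at https://boredapeyachtclub.com/"),
]

# Assumed: domains the user looked up on the project's own website (cross-referencing).
OFFICIAL_DOMAINS = {"boredapeyachtclub.com"}
MENTION_RE = re.compile(r"@(\w+)")
URL_RE = re.compile(r"https?://\S+")
LURE_WORDS = ("airdrop", "giveaway", "claim", "connect your wallet", "mint")

def off_site_links(text):
    """Hostnames of links in text that are not on (or under) an official domain."""
    hosts = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        official = any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)
        if not official:
            hosts.append(host)
    return hosts

def flag_mass_tagging(replies, min_distinct=5):
    """Accounts whose replies in the thread tag at least min_distinct distinct users."""
    tagged = {}
    for account, text in replies:
        tagged.setdefault(account, set()).update(MENTION_RE.findall(text))
    return {a for a, users in tagged.items() if len(users) >= min_distinct}

def score_reply(account, text, mass_taggers):
    """Return the list of suspicious signals present in one reply (empty if none)."""
    reasons = []
    if account in mass_taggers:
        reasons.append("mass tagging")
    if any(w in text.lower() for w in LURE_WORDS):
        reasons.append("giveaway/airdrop lure")
    if off_site_links(text):
        reasons.append("link off official domain")
    return reasons

def triage(replies):
    """Score every reply in a thread; returns [(account, reasons), ...] in order."""
    mass = flag_mass_tagging(replies)
    return [(a, score_reply(a, t, mass)) for a, t in replies]
```

Running `triage(REPLIES)` flags only the mass-tagging account, with the reply that carries the off-site wallet link collecting all three signals.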

Originally appeared on: TheSpuzz