Cryptocurrency scammers have made at least $145,000 this week by promoting fake giveaways through hacked verified Twitter accounts.
Last month, we reported an increasing trend where verified Twitter accounts are hacked to promote fake cryptocurrency giveaways. At the time, these scams pulled in a massive $580,000 in cryptocurrency over a one-week period.
The attackers target verified accounts with thousands, if not millions, of followers. They then tweet fake giveaway scams from well-known people or companies, such as Elon Musk, Tesla, Gemini Exchange, and more recently, Chamath Palihapitiya, and Social Capital.
When tweeting the scams, it is common to see different Twitter sock puppets talking to each other as they promote each other's tweets, as shown below.
Embedded in the tweets are links to sites that redirect to sites pretending to be Medium posts that promote the giveaway and include further links to the actual giveaway site, as shown below.
These sites tell visitors to send cryptocurrency to the listed address, and the site will send back double the amount you sent.
People continue to fall for these scams
Unfortunately, no matter how much BleepingComputer and other reporters cover these scams, people continue to fall for them.
MalwareHunterTeam, who has been monitoring these scams, has told BleepingComputer that the scammers continue to hack verified Twitter accounts with no sign of letting up.
From the list of examples MalwareHunter shared with BleepingComputer, we have determined that the scammers have made at least $145,000 this week alone.
These earnings include 1.49094148 bitcoins, with at today's high prices is equal to $70,382.16.
| Bitcoin address | Amount | USD amount |
| 1L2dzTrwrA15ZbTVWeDfznMMxQ4d9shzPm | 0 | 0 |
| 1E9GwoiRbzzEgQXk32J5ksr9FbcfGcJXuZ | 0.77457775 | $36,565.12 |
| 1CLAbY5VwBgnECbi5SQc97URaE9p1AUsNj | 0.71636373 | $33,817.04 |
| 33J8sHT2mZ7wJ6vhTssRChU3hCniZrZ6ej | 0 | 0 |
| 1Jg4oyfZqMkDDmtLss5nyaPWghowP1BpFJ | 0 | 0 |
The Ethereum giveaway scams did well for the scammers too, earning them $51,758.61.
| Ethereum address | Amount | USD amount |
| 0x3765960B3083F73505dac655DF99F22F8f76CBcE | 0 | 0 |
| 0x42d2A758f71FA555AeECa1dFb2c2DAbdaA10Fb45 | 29.668293964802919726 | $44,581.95 |
| 0x6B02FcF85552765A42aa72d310D38A423c52AA72 | 3.731603283835171752 | $5,563.56 |
| 0xe565e041DEC29f45200A15cd3e5954AF661aA4C8 | 1.08347580374039716 | $1,613.10 |
Finally, Dogecoin, the newcomer in cryptocurrency giveaways, generated $26,004.94.
| Dogecoin address | Amount | USD amount |
| D6KkJA616qq64czYfcSLYgYLskQMT5hfj2 | 289,710.01032007 | $14,619.06 |
| D8h7ghzJ9SiT97ZAzoFAvEU7wGdufGS6BA | 199,170.61769190 | $10,264.18 |
| DC822cesUE5drToEnKMSstBfj9Bph4wGuc | 19,436.27584906 | $1,121.70 |
As many of the sites associated with these scams switch to different URLs and cryptocurrency addresses, the scammers likely made much more this week.
As these scams generate an incredible amount of money for the threat actors, they are not going away any time soon.
Therefore, everyone needs to understand that the vast majority of cryptocurrency giveaways are scams.
It is safer to treat any cryptocurrency giveaway you see online as a scam and understand that anything you send will not produce anything in return.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Comments
dogsofhellfire2600 - 4 years ago
Anyone can fall for these scams, but these particular scams are so transparent that anyone thinking clearly would know that you don't get something for nothing anywhere, ever. Just mind boggling that people still fall for some of these scams.
Lawrence Abrams - 4 years ago
I agree but unfortunately people keep sending money and the scammers keep getting richer.
This is big money with little work.