Analysis of NFT and cryptocurrency thefts via hacked Twitter accounts

According to Tenable, scammers on the web are legion and are getting creative to take advantage of the non-fungible token (NFT) and cryptocurrency craze.

In recent months there have been many attacks and scams, in different forms, against NFT projects, with iconic projects like Bored Ape Yacht Club, Azuki, Moonbirds and Invisible Friends spoofed to steal NFTs and digital currencies. Scammers use verified and unverified accounts to impersonate notable NFT projects like Bored Ape Yacht Club and others, tagging Twitter users to lead them to phishing websites. Scammers reuse the assets of legitimate NFT project sites to build their phishing sites, which makes it difficult for the average cryptocurrency enthusiast to tell them apart. Scammers also use popular services like Linktree to lead users to fake pages that imitate NFT marketplaces like OpenSea and Magic Eden.

In France, scams related to cryptocurrencies have increased. According to the mediator of the Autorité des Marchés Financiers (AMF), cryptocurrencies were linked to a quarter of the scams reported in 2021, compared to 6% the previous year. The organization specifies that it received 78 cases, with losses ranging from 169 euros to 337,000 euros.

Scammers exploit Twitter mentions to get attention

Cryptocurrency scammers mention users in replies to hundreds of tweets in order to lead them to phishing sites. These look like legitimate NFT project sites, making them difficult for the average cryptocurrency enthusiast to tell apart. Rather than being asked for traditional usernames and passwords, users are tricked into connecting their cryptocurrency wallets. Once they do, scammers are able to transfer cryptocurrencies like Ethereum ($ETH) or Solana ($SOL), as well as any NFTs held in these wallets.

Free Airdrops and NFTs Drive Cryptocurrency Scams

An airdrop is a promotional activity used to help launch a cryptocurrency project. Earlier this year, the Bored Ape Yacht Club (BAYC) announced an airdrop of ApeCoin to holders of its various NFT projects such as BAYC, Mutant Ape Yacht Club and Bored Ape Kennel Club. Scammers saw this announcement as an opportunity to capitalize on the interest generated by the upcoming airdrop and started creating campaigns by hijacking verified Twitter accounts to lead users to phishing sites.

These hacked verified accounts were pivoted to use profile pictures (PFPs) of BAYC NFTs to legitimize their claims of $APE token airdrops. The crooks also used these verified accounts to mention users in bulk to capture their attention.

Scammers warn against scammers to add legitimacy to tweets

The crooks may also come across as good Samaritans by citing the threat of potential scammers as justification for “cleaning up” or “closing” comments or replies to their tweets. Once they seed a few of these fake tweets, they take advantage of a Twitter feature built into conversations that limits who can reply to their tweets, preventing users from warning others about the potential fraud that awaits them.

Scammers follow the same playbook

  • Hack or buy a verified Twitter account or an account with hundreds of thousands of followers
  • Pivot the account to impersonate notable NFT projects or their members using PFPs and other project images
  • Tweet about upcoming or recently held airdrops or mints for projects with links pointing to phishing websites
  • Tag users directly from the spoofed account or use an army of fake accounts to tag users on hundreds of tweets
  • Wait for users to click on phishing links and grant access to their cryptocurrency wallets in order to start stealing NFTs and digital currencies
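
A defender-side triage sketch of the playbook above, added here as an example and not taken from the Tenable research or the original article: it counts how many playbook indicators appear in a tweet record and flags records that need review. The record field names, thresholds and sample domains are assumptions constructed for illustration, not the Twitter API schema.

```python
import re
from urllib.parse import urlparse

# Field names below are hypothetical, not the Twitter API schema.
LURE = re.compile(r"\b(airdrop|mint|claim)\b", re.I)
LINK_HUBS = {"linktr.ee"}   # Linktree, the link service named in the article
MASS_MENTIONS = 5           # assumed threshold for bulk tagging
PIVOT_WINDOW_DAYS = 7       # assumed window for a recent PFP/name change

def _host(url):
    return (urlparse(url).hostname or "").lower()

def _is_official(host, official_domains):
    # Exact match or a true subdomain; look-alike hosts do not pass.
    return any(host == d or host.endswith("." + d) for d in official_domains)

def playbook_signals(tweet, official_domains):
    """Return the playbook indicators present in one tweet record."""
    hosts = [_host(u) for u in tweet["urls"]]
    signals = []
    if hosts and LURE.search(tweet["text"]):
        signals.append("lure_with_link")
    if any(h in LINK_HUBS for h in hosts):
        signals.append("link_hub")
    if any(h and h not in LINK_HUBS and not _is_official(h, official_domains)
           for h in hosts):
        signals.append("off_domain_link")
    if len(tweet["mentions"]) >= MASS_MENTIONS:
        signals.append("mass_mentions")
    if tweet["reply_restricted"]:
        signals.append("replies_restricted")
    if tweet["verified"] and tweet["profile_changed_days_ago"] <= PIVOT_WINDOW_DAYS:
        signals.append("recent_identity_pivot")
    return signals

def needs_review(tweet, official_domains, min_signals=3):
    return len(playbook_signals(tweet, official_domains)) >= min_signals

# Constructed sample records (not real tweets, accounts or domains).
OFFICIAL = {"project.example"}
SUSPECT = {"text": "ApeCoin AIRDROP is live, claim now",
           "urls": ["https://claim-project.example.net/connect"],
           "mentions": ["u1", "u2", "u3", "u4", "u5", "u6"], "verified": True,
           "reply_restricted": True, "profile_changed_days_ago": 2}
BENIGN = {"text": "Mint recap thread from last week",
          "urls": ["https://blog.project.example/recap"],
          "mentions": ["u1"], "verified": True,
          "reply_restricted": False, "profile_changed_days_ago": 400}
```

A single indicator, such as a project's own tweet about a mint, stays below the review threshold; it is the combination of indicators that matches the playbook.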
