According to new research published by Tenable research engineer Satnam Narang, scammers have once again dug out their box of tricks to take advantage of the success surrounding so-called non-fungible tokens (NFTs) and cryptocurrencies.
Cybercriminals are hijacking verified and unverified Twitter accounts to impersonate popular NFT projects such as Bored Ape Yacht Club (BAYC), Azukis, MoonBirds, and OkayBears, and thus steal users’ digital assets through phishing websites.
The success of some of these top NFT projects has paved the way for wider adoption by promoting upcoming integrations with their own metaverses, giving fraudsters ample opportunities to capitalize on new announcements or rumors about these projects.
The other BAYC phishing sites were so successful that it was possible to locate three crypto addresses that had stolen multiple NFTs from MAYC, BAYC, Azuki and others, totaling $6.2 million.
In Brazil, an 80% increase in phishing attack attempts was recorded with the aim of financial theft in 2021, according to the Brazilian Federation of Banks (Febraban).
As for scams that include the cryptocurrency segment, the Device Fraud Scan 2022 survey showed that there was an average of 3.7 fraud attempts per minute in the financial sector in the period between 9 am and 8 pm, in 2021 in the country.
Also according to research by engineer Satnam Narang, Twitter-linked scams are so successful because they go through different levels of promotion and validation, making them hard for unsuspecting users to spot. Narang reveals the scheme of these scams:
The most common scams on Twitter
Scammers exploit Twitter mentions to get attention
Cryptocurrency scammers are tagging users in replies to hundreds of tweets in an attempt to lead them to phishing sites. These fake websites are usually so similar to the legitimate websites of the NFT project that the average user finds it difficult to tell them apart. Instead of entering traditional usernames and passwords, users are convinced to connect their cryptocurrency wallets. Once they do, scammers can transfer digital currencies such as Ethereum ($ETH) or Solana ($SOL), as well as any NFTs held in these wallets.
Airdrops and NFTs run cryptocurrency schemes
An airdrop is a promotional activity intended to help boost a digital currency project. Bored Ape Yacht Club (BAYC), earlier this year, announced an ApeCoin airdrop to holders of its various NFT projects such as BAYC, Mutant Ape Yacht Club, and Bored Ape Kennel Club. The scammers saw this announcement as a perfect opportunity to capture interest in this upcoming airdrop and started creating campaigns by hijacking verified Twitter accounts to lead users to phishing sites.
Scammers themselves warn of scams to give legitimacy to tweets
Scammers have also created a ploy to look like Good Samaritans, using the threat of potential scammers as a justification to “clean up” or “close” comments or replies to their tweets. Once they have planted some of these fake tweets, they take advantage of a Twitter feature to restrict who can reply to their tweets, preventing users from warning others about the potential scam that awaits them.
“The stories of ‘crypto millionaires’ are attractive and increase the desire of users to invest in cryptocurrencies and NFTs. Unfortunately, scammers are well aware of this interest and take advantage of those seeking exceptional profits,” says Satnam Narang, a research engineer at Tenable.
“Operating from a place of skepticism can provide some security for users when it comes to these types of scams. If you are proactively tagged in a tweet, you should be very suspicious of the motivations behind it, even if it comes from a verified Twitter account. Find the original project website and cross-reference any links you see shared on Twitter to its official website. Fraudsters will also rely on urgency to try to pressure users into this space. If there is an NFT coin, they will say there is a limited number of points left. This urgency makes it easy to attract users who don’t want to miss out. Ultimately, if something sounds too good to be true, it probably is,” he added.