Verified X/Twitter Accounts Hacked to Spread Cryptoscams

X/Twitter Crypto Scams From Verified Accounts
Attackers are targeting Twitter users from verified accounts

The trend of hacking official accounts to promote cryptocurrency fraud is gaining momentum. Over the past week, researchers have discovered an abnormal number of such incidents.

Today, we are witnessing an unpleasant trend: hackers increasingly target verified Twitter accounts, specifically those of individuals who are part of government or business organizations. These accounts are usually distinguished by ‘gold’ and ‘gray’ checkmarks, which indicate that the account belongs to a reputable company or person. Crooks hijack such accounts to promote cryptocurrency scams, phishing websites, and platforms equipped with crypto drainers.

Attackers stole verified accounts

Just yesterday, we wrote about the incident with the X/Twitter account of Mandiant, a Google subsidiary and a prominent player in cyber threat intelligence. The thing is, they are not alone. With only minor differences, the same hacks and scams have been happening to dozens of verified accounts on X. Within the first 5 days of the new year alone, researchers have reported the hacking of three public accounts: the nonprofit consortium “The Green Grid”, Canadian senator Amina Gerba, and Brazilian politician Ubiratan Sanderson. Although the victims have nothing in common, they were united by one thing: a sudden ardent interest in cryptocurrency.

How Do Twitter Crypto Scams Work?

To start, scammers create a fake profile of a famous person. Most often, it is Elon Musk, as it is his style to promote dubious things. Next, the fake account tries to convince users to click a link. What happens next depends on the type of fraud: a crypto draining scam, an investment fraud, or a fake airdrop scheme. Let’s briefly look at each one.

Fake investment is an attempt by fraudsters to trick the victim into investing money. It can be a dubious cryptocurrency that is artificially inflated and then dumped, after which its value falls sharply. As a result, the victim loses their investment and is left with worthless coins.

Another method of fraud is crypto drainers. In short, the victim is tricked into agreeing to fraudulent transactions. The peculiarity of this method is that the victim signs a transaction that looks legitimate but allows fraudsters to withdraw money from the victim’s wallet without confirmation.
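The article does not say which chain or token standard the drainers use; on EVM chains, one common form of a legitimate-looking signature that lets someone else move funds later is a token approval. The following is an added example, not code from the original article: it decodes transaction calldata before signing and flags approval calls. The function selectors are the standard ERC-20/ERC-721 ones, while `inspect_calldata`, the risk labels, and the sample addresses are constructed for illustration.

```python
# Added example: inspect EVM calldata for approval-style calls before signing.
# Assumption: ERC-20/ERC-721 approvals; the article names no specific mechanism.

# Standard 4-byte selectors (first 4 bytes of keccak256 of the signature).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def inspect_calldata(calldata_hex, trusted_spenders=frozenset()):
    """Describe what signing this calldata would grant, and to whom."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None:
        return {"function": None, "risk": "none", "reason": "not an approval call"}
    args = data[8:]
    if len(args) < 128:
        return {"function": name, "risk": "high", "reason": "malformed arguments"}
    # Each ABI argument is a 32-byte word; an address sits in the low 20 bytes.
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    out = {"function": name, "spender": spender, "value": value}
    trusted = {s.lower() for s in trusted_spenders}
    if value == 0:
        out.update(risk="low", reason="grants nothing (value is zero)")
    elif spender in trusted:
        out.update(risk="low", reason="spender is on the caller's allowlist")
    elif name.startswith("setApprovalForAll"):
        out.update(risk="high", reason="operator can move every token in the collection")
    elif value >= 2**255:
        out.update(risk="high", reason="effectively unlimited allowance to unknown spender")
    else:
        out.update(risk="medium", reason="bounded allowance to unknown spender")
    return out

# Constructed sample inputs (not real addresses or transactions).
SPENDER = "0x" + "11" * 20
PAD_ADDR = "00" * 12 + "11" * 20
UNLIMITED = "0x095ea7b3" + PAD_ADDR + "ff" * 32
BOUNDED = "0x095ea7b3" + PAD_ADDR + format(1000, "064x")
TRANSFER = "0xa9059cbb" + PAD_ADDR + format(1000, "064x")

if __name__ == "__main__":
    for label, cd in [("unlimited", UNLIMITED), ("bounded", BOUNDED), ("transfer", TRANSFER)]:
        print(label, inspect_calldata(cd))
```

A zero value is treated as low risk because it grants nothing; for `approve` it is how an existing allowance is revoked.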

Fake airdrop scams are designed for those who want easy money. The scammers invite users to send any amount of money to a specified wallet and promise to send back double the amount. However, after the victim sends the money, nothing comes back.

Example of an airdrop scam posted from a verified account

Eligibility and Trust Undermined

Initially, a blue check mark was the sign of a verified Twitter account. It was obtained by providing a document proving the user’s identity. Later, anyone could get a checkmark for $8 a month, which led to a flood of scammers creating fake celebrity accounts and running successful cryptocurrency scams. These days, the checkmarks are divided into gold, gray, and blue. The gold checkmark is given to the accounts of large companies, and the gray checkmark to government organizations. The blue checkmark is given to individuals, regardless of their fame. Obviously, the first two options have caused a stir among cybercriminals.

The Black Business for Verified Twitter Accounts

According to a report from CloudSEK, a digital risk monitoring platform, a black market is thriving where compromised gray and gold X accounts are being sold. This illicit market is based on selling high-profile accounts marked with gold and gray checkmarks, indicating their verified status. Although these accounts should symbolize trust and authenticity, they are sold for $1,200 to $2,500. For example, one such account, inactive since 2016, has 28k subscribers and sold for $2,500.

Threat actors advertising to buy Twitter Gold accounts on dark web marketplaces (source: CloudSEK)

The process often involves hijacking dormant accounts with the potential for high follower counts and converting them into verified profiles using dubious means. In some cases, the hackers offer additional services by attaching scam accounts as affiliates to these verified profiles. This lends the scam accounts an aura of legitimacy and allows them to bypass more stringent verification processes, facilitating easier manipulation of unsuspecting victims.

Recommendations for Account Security

It is concerning that many well-known companies’ Twitter profiles have been hacked recently to spread crypto scams. This poses a risk of users falling victim to such scams, as well as the possibility of misinformation or more severe scams. Thus, it is essential to know how to respond when you encounter a hacked account that is spreading questionable links.

Firstly, avoid following any links posted by such accounts. Whether they lead to a crypto drainer, fake airdrop, or investment scam page, it is best not to visit them.

Secondly, you can report the hacked account to moderators. The reports menu has an option called Deceptive Identities, which will allow the system to take the necessary action.

Lastly, share news of the hack with your friends and subscribers. The more people are aware of this type of scam, the lower the chances that they fall victim to it now or in the future.

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.