Criminals Use Twitter to Steal NFTs and Cryptocurrency

Tenable publishes an analysis of recent scams used by criminals on Twitter to steal NFTs and cryptocurrency.

In recent months, a variety of non-fungible token (NFT) projects including Bored Ape Yacht Club (BAYC), Azukis, MoonBirds and OkayBears have been impersonated on Twitter to steal user NFTs and cryptocurrencies such as Ethereum and others. To create hype, many of these projects have boosted upcoming integrations with their metering devices, giving scammers ample opportunity to take advantage of new or rumored advertisements related to these projects.

Cryptocurrency-related scams on Twitter, which have been rampant since at least 2018, have continued through both bull and bear markets. If one thing is certain about cryptocurrency scams, it is that scammers are determined to find creative ways to profit from the cryptocurrency craze.

How Twitter Can Curb Several NFT Cryptocurrency Scams

There are several ways Twitter can step in to make things more difficult for scammers when it comes to impersonation.

  1. Make the NFT profile picture feature available to all users instead of only paying Twitter Blue members. Since blockchains are designed to provide a method for verifying trust, allowing anyone to use this feature provides a mechanism for users to verify the authenticity of tweets from someone with a BAYC profile picture.
  2. Temporarily hide tweets and profiles for verified accounts that change their profile pictures and names. Scammers who successfully hijack verified Twitter accounts repurpose them to impersonate brands, notable figures or NFT projects. By temporarily hiding these tweets and profiles when such a change is made, Twitter would give its abuse team a chance to manually review the changes before the scammers wreak havoc.
  3. Create alerts for profiles and links shared by verified Twitter accounts that have recently changed their names and profile pictures. If option 2 isn’t feasible, set up a barrier that alerts end users when they are tagged in tweets from, or in links shared by, newly verified profiles. Use transparency to inform end users: since Twitter accounts are tagged with a user_id, add a warning bubble next to the tweet that says “This profile recently changed their name and profile picture from (x) to (y). If this profile looks suspicious, report the account.”
  4. Watch for signals like bulk tagging in tweets. To get users’ attention, scammers rely on tagging multiple users in replies to tweets. If a tweet starts receiving replies that tag multiple users, mark the original tweet/account and subsequent replies as suspicious. Twitter “boats” – as they were previously called – are anomalies, so replies like this, even if they come from a group of Twitter accounts not linked to the original tweet, should be another potential signal to report.
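
The signals in items 3 and 4, sketched as detection logic over a constructed thread. This is an added example, not code from Tenable or Twitter; the record fields, the thresholds and the review window are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed values: the article names the signals but gives no numbers.
MENTION_THRESHOLD = 5                 # distinct @-mentions that make a reply "bulk tagging"
BULK_REPLY_THRESHOLD = 2              # bulk-tag replies before the thread is marked
REVIEW_WINDOW = timedelta(hours=48)   # how long a profile change counts as recent
MENTION_RE = re.compile(r"(?<![\w@])@(\w{1,15})")  # skips e-mail addresses

def mentions(text):
    """Distinct handles tagged in a tweet, compared case-insensitively."""
    return {m.lower() for m in MENTION_RE.findall(text)}

def recently_rebranded(account, now):
    """Item 3: a verified account changed BOTH name and picture inside the window."""
    changes = [account.get("name_changed_at"), account.get("avatar_changed_at")]
    return (account["verified"] and all(changes)
            and all(now - c <= REVIEW_WINDOW for c in changes))

def review_thread(original, replies, accounts, now):
    """Item 4 plus item 3; accounts are keyed by user_id, not by display name."""
    bulk = [r["id"] for r in replies if len(mentions(r["text"])) >= MENTION_THRESHOLD]
    authors = {original["user_id"]} | {r["user_id"] for r in replies}
    rebranded = sorted(u for u in authors if recently_rebranded(accounts[u], now))
    return {
        "bulk_tag_replies": bulk,
        "rebranded_authors": rebranded,
        "thread_suspicious": len(bulk) >= BULK_REPLY_THRESHOLD or original["user_id"] in rebranded,
    }

# Constructed sample data (not real accounts or tweets).
NOW = datetime(2022, 5, 1, 12, 0)
ACCOUNTS = {
    101: {"verified": True, "name_changed_at": NOW - timedelta(hours=3), "avatar_changed_at": NOW - timedelta(hours=3)},
    202: {"verified": False, "name_changed_at": None, "avatar_changed_at": None},
    303: {"verified": True, "name_changed_at": NOW - timedelta(days=400), "avatar_changed_at": NOW - timedelta(hours=1)},
}
ORIGINAL = {"id": 1, "user_id": 101, "text": "Announcement thread"}
REPLIES = [
    {"id": 2, "user_id": 202, "text": "@a1 @b2 @c3 @d4 @e5 @f6 check this"},
    {"id": 3, "user_id": 202, "text": "@g1 @h2 @i3 @j4 @k5 last chance"},
    {"id": 4, "user_id": 303, "text": "@a1 is this real?"},
]

if __name__ == "__main__":
    print(review_thread(ORIGINAL, REPLIES, ACCOUNTS, NOW))
```

Account 303 changed only its picture recently, so it is not flagged; requiring both changes keeps ordinary avatar updates out of the review queue.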

Twitter users interested in cryptocurrency need to remain skeptical

If Twitter users are proactively tagged in a tweet, they should be very suspicious of the motive behind it, even if it comes from a verified Twitter account. Tenable advises finding the project’s original website and cross-referencing links shared on Twitter with those on the official website. Scammers also rely on urgency to pressure users. When an NFT is being minted, they will say that only a limited number of spots are left. This urgency makes it easy to mislead users who do not want to miss the opportunity.