Scammers are hacking Twitter accounts and using them to steal non-fungible tokens (NFTs) and cryptocurrencies. Fraudsters are catching the enthusiasm of NFTs and cryptocurrencies, according to a new study released by Tenable staff research engineer Satnam Narang.
Cybercriminals hijack various verified and unverified accounts on Twitter to spoof popular NFT projects such as Bored Ape Yacht Club (BAYC), Azukis, MoonBirds, OkayBears and phishing users’ crypto assets. To guide and steal.
“Some of the successes of these good NFT projects have paved the way for broader recruitment by facilitating future integration with their own Metaverse, and new or rumors related to these projects to scammers. We have given enough opportunity to take advantage of our announcement, “says Narang.
Take advantage of Twitter mentions
Research has shown that these scams occur in several different ways. One way is if a scammer uses Twitter mentions to get attention. Cryptocurrency scammers tag users with replies spanning hundreds of tweets to direct them to phishing websites that are often indistinguishable from legitimate NFT project sites.
This makes it difficult for the average crypto enthusiast to distinguish between them. The user is confident that instead of using the username and password, they will connect the cryptocurrency wallet. This allows fraudsters to transfer digital currencies such as Ethereum ($ ETH) and Solana ($ SOL), as well as NFTs held in these wallets.
Airdrops are also on the rise, and free NFTs are causing cryptocurrency scams. AirDrop is a promotional activity aimed at helping the bootstrap of digital currency projects. Earlier this year, BAYC announced ApeCoin airdrops to owners of various NFT projects such as BAYC, Mutant Ape Yacht Club, and Bored Ape Kennel Club.
“The scammers saw this announcement as a great opportunity to target their interest in the next airdrop and started creating a campaign by hijacking a verified Twitter account and directing users to phishing sites.” Narang explains.
Separately, scammers pretend to be good Samaritans by using potential scammer threats as a reason to “clean” or “close” comments and replies to comments and tweets. increase. Seeding some of these fake tweets uses the built-in Twitter capabilities to have conversations and limit who can reply to tweets. This will prevent users from alerting others about potential fraud.
“Despite their volatility, interest in NFTs and cryptocurrencies continues to grow in India, and based on extensive research in this area, scammers are creative to trick users. We continue to find ways, “says Narang.
“Recognition of legitimacy”
“In India, there are reports that government officials, celebrities, or large corporations are spoofing to infuse legitimacy. Acting from a skeptical place has some users about such scams. May provide a cover for the scam, “Naran said.
According to Narang, users should be careful and suspicious of their motives if they are actively tagged in their tweets, even if they come from a confirmed Twitter account.
“Look for cross-reference links that are shared with the original project website and the links on the official website on Twitter. Fraudsters also rely on the urgency to try to put pressure on users in this area. If NFT mint is occurring, it is said that the number of remaining spots is limited. This urgency makes it easier for users who do not want to miss an opportunity. Ultimately, something If it sounds too good to be true, it’s probably true, “he added.
May 29, 2022