Crypto scammers pose as Journalists, NFT projects on Twitter

The Twitter Inc. logo is displayed on the screen of an Apple Inc. iPhone 6s in this arranged photograph taken in New York, U.S., on Tuesday, Feb. 9, 2016. Photographer: Michael Nagle/Bloomberg

Internet scammers are using hijacked accounts on Twitter Inc. to promote dubious cryptocurrency platforms that, once installed, enable them to compromise victims’ sensitive data, according to new findings provided exclusively to Bloomberg News.

Since March, fraudsters have impersonated journalists, crypto apps and a variety of nonfungible token (NFT) projects on Twitter in order to steal users’ virtual currency, usernames and password credentials, according to research from Satnam Narang, a staff research engineer at the cybersecurity firm Tenable Inc. Many of the targeted accounts are verified, an indication to investigators that scammers are either hacking specific pages, paying for illicit access, or both.

As part of the alleged scam, thieves have masqueraded as members of the Bored Ape Yacht Club, a popular collection of NFTs, as well as the Azuki collection, the MoonBirds project and the Okay Bears NFT community, which has more than 150,000 Twitter followers, Narang found.

In one instance, scammers posed as a legal affairs reporter from the Age, an Australia-based news service, asking users to visit a suspicious link in order to claim a small amount of the virtual currency Ethereum, according to the research. Intruders also appear to have temporarily taken over the Twitter page of a freelance journalist who covers the gaming industry and created profiles that appear similar to real ones, according to the findings.

The imposter Twitter accounts have typically encouraged followers to visit specific links, or download new apps, Narang said. Those apps often persuade users to provide access to their mobile cryptocurrency wallets, from which the attackers can quickly extract funds. Each of the fraudsters’ pages, whether an app or a phishing link, are carefully designed to look like legitimate, trustworthy websites, according to the findings.

The tactic represents an upgrade from a more traditional fraud technique of mass-spamming social media users, or impersonating famous people, such as Tesla Inc. Chief Executive Officer Elon Musk, an outdated tactic that’s relatively simple to detect, Narang said in an interview. The use of verified Twitter accounts adds a layer of legitimacy, and the chance to seize on a money-making opportunity in cryptocurrency adds some urgency to the scheme, said Narang.

“They look indistinguishable from real sites, and people just aren’t looking closely at the links,” he said.

When a Bloomberg News reporter analyzed an app that purported to be for Azuki, an anime-themed NFT project with more than 300,000 followers, it was flagged as malware.

In May, scammers used a fraudulent Twitter page @OlthersideMeta, that tricked users into believing it was @OthersideMeta, a legitimate site that blends video games with the metaverse, according to the research.

Losses incurred from the scams are difficult to quantify, however the activity is the latest example of attackers leveraging cryptocurrency -- and the hype surrounding popular projects -- to generate funds. Americans reported more than $1.6 billion in cryptocurrency-related fraud in 2021, a massive uptick from the $246 million the year before, according to the FBI’s internet crime complaint center report. The true figure is likely to be much higher, as many would-be investors flock to speculation-style schemes and don’t report instances of fraud, Narang said.

“Scammers are so adept at pivoting into what people are interested in,” he added. “This is a small sampling of what’s happening across this space.”