The Biggest Crypto Scams on Twitter and How to Avoid Them

Never neglect safety – Even in the bear market, the scammers are on deck. Thereby, lots of scams, whose purpose is to steal your cryptocurrencies, are committed every day. In practice, Twitter turns out to be one of the favorite hunting grounds for crypto scammers to find new victims.

Twitter: The Cradle Of Crypto Scams

Since the beginning of the bear market, the amounts stolen by cryptocurrency scammers are declining. In fact they collected $1.65 billion since the beginning of the year. While this amount is staggering, it represents a 65% drop compared to the year 2021. Unfortunately, this drop in revenue does not stop scammers from continuing their theft.

So the security researcher @Slang published a wire of quality in which he discusses the most common crypto scams on Twitter.

Serpent looks back at the most common crypto scams on Twitter – Source: Twitter

8 crypto scams that are common on Twitter

Let’s take a look at 8 crypto scams that are common on Twitter and the ways to avoid them.

Fake letter scam

The first scam presented by Serpent is a scam as old as the hills. This is nothing but a type attack phishing. As a reminder, a phishing attack aims to direct users to a damaged copy of a site familiar.

For example, Serpent has identified several scammers trying to send users to a replica of the service’s site. First. Once on the site, the user is invited to sign a fraudulent transaction, which allows the scammer to empty all NFTs on the wallet.

To fool the user, the scammers will create very similar domain names to that of the official site, by changing one of the letters with a similar Unicode character.

In the case of the scam below, the attacker replaced the “i” by a “I” without a dot from the Turkish alphabet.

Fake domain name crypto scam
A crypto scam with a fake domain name – Source: Twitter

To protect against these attacks, it is recommended not to follow any link and always check the correctness of the URL.

>> You can click this link with confidence! The JDC offers you 5 seats for the Binance Blockchain Week in Paris (commercial link) <

Fake website Revoke.cash

Revoke.cash is an extremely useful website for: revoke permissions assigned to smart contracts. Initially created as a security tool, scammers use the tool’s reputation to their advantage.

For once, scammers will try to send users to a damaged copy of a site to steal the NFTs and/or cryptocurrencies present on the wallet.

In the @Serpent example, the scammer tries to impersonate a member of the OpenSea team by announcing a vulnerability. It then tries users to a fake website Revoke.cash. Indeed, if we look more closely at the URL, it does not match that of the original site.

Crypto scam on fake Revoke.cash site
A crypto scam on the fake site Revoke.cash – Source: Twitter

Again, double check URLs sites you will interact with.

Student account scam

We have already dealt with this scama few months ago, on the Journal du Coin.

For this type of attack, the scammer sends a private message explaining that he has a address with several thousand dollars inside stable coins. However, this explains: not to be able to withdraw money. This one generously gives his seed phrase so that the user transfers the money to him.

Student wallet scam.
A student wallet scam – Source: Twitter

In practice, the address does not have: no token allow to pay transaction costs. As a result, the user may be tempted to send money to steal the USDT at the address.

Unfortunately, a bone keep a close eye on this address and automatically removes all token sent to the address, resulting in losses for the user.

>> There are still actors who wish you the best! The JDC offers you 5 seats for the Binance Blockchain Week in Paris (commercial link) <

Hack for verified accounts

This scam is a bit more complicated than the one seen before. For this, the scammers will initially hack a verified account have a good subscriber base. Then they will publish posts from this account to announce: fake air drops or from NFT mints.

As usual, the scammers will send a phishing link to the message. Users who click on the link will be led to sign a fraudulent transaction that could lead to their wallet being transferred.

note that this scam also affects Discord. Indeed, many scammers manage to take control of a Discord server administrator account and use it to post phishing links.

As always with phishing, watch out for the left you click and the transactions you sign!

Fake Play2Earn Scam

For this scam, the scammers will pretend to be the creators of a new play-to-earn project.

In a private message, they will offer Twitter users to participate in a game private beta. To encourage users to participate, scammers offer a financial compensation in exchange for feedback about the game.

To play, the user must: download the game from a source sent by the scammer. Obviously the game files are infected with all sorts malware.

“After opening the files, we can see that the .rar file contains actual game libraries to give the impression of legitimacy. However, the executable is infected and will steal both cookies and your browser data (including extension data). »

Twitter thread from @Serprent

Therefore, the scammer will be able to:access your extensionsespecially your wallet Metamask.

>> Don’t be fooled! Try to win your 5 tickets to Binance Blockchain Week in Paris instead (commercial link) <

Fake NFT Contracts Scams

This scam targets mostly artists Producing NFTs. It is mainly because of this kind of fraud that the Aristocrats Project Discord server got corrupted last July.

In reality, the scammer will contact a NFT artist to give him a paid assignment. He will do everything he can to gain the trust of the artist before sending him a file (often PDF) summarizing the needs of the project.

Unfortunately, the file in question is not no PDFbut one .scr file which, when executed, will retrieve all your cookies, passwords and extension data.

Fake NFT contract crypto scam.
A fake NFT contract crypto scam – Source: Twitter

Unswap fake bot scam

This scam is mainly propagated in comments among tweets from influential people in the ecosystem.

Specifically, an account will have a remark in combination with a YouTube video for a bone who makes walk ahead on Uniswap. The video explains that it is possible to earn several thousand dollars thanks to this bot.

In the description we find all the links to download and use the bot itself. Once is not a habit, it is good Too good to be true.

Indeed, in order to use the program, you need to transfer money to the smart contract of the bot you have deployed. At the same time, once the bot is launched, will revoke automatically withdraw all the money present at the address and send it to the scammer’s.

Once you call one of the contract functions, it transfers all the money from the contract to uniswapDepositAddress() which is called from another contract (by the crook) in GitHub, which returns with the contract’s wallet. »

Twitter thread from @Serprent

>> Boo.. not pretty the bot! Do you want a real gift? The JDC offers you 5 seats for the Binance Blockchain Week in Paris (commercial link) <

Fake media scams

This is by far one of the best known. In fact, it is often hijacked by users to troll each other.

In fact, scammers have a army of bots who carefully examines Twitter looking for certain keywords, such as “Metamask”, “Scam”, “Recovery” or “Wallet”. Once they find these terms, they will automatically respond to the tweet by offering to offer their help.

But in reality these scammers are trying to prey on people who have already been hacked search for help.

The scammers will then pose as developers and be able to help the person. However, in order to carry out their mission, the scammer will pretend need some ETH to pay the transaction fees to implement the smart contract that will allow the user to get their money back.

Prudence is the mother of security in crypto

As you have seen, scammers are doubling down on their ingenuity to monopolize your precious cryptocurrencies.

There are a few basic rules to protect yourself from these scams:

  • Always check the links you interact with;
  • Do not download files from a stranger;
  • Avoid making decisions late at night, as fatigue leads to decreased alertness;
  • If an offer is too good, chances are it’s a scam;
  • Never keep your private keys free on your computer;
  • Always check the transactions you sign. It only takes a few seconds and can save the loss of thousands of dollars.

look after also obscure projects where the entire team is anonymous and unrivaled in the ecosystem. Indeed, there is a good chance that these projects will turn out to be scams. This was in particular the case of the SudoRare projectwhere the creators disappeared with user money 6 hours after launch.

Increased vigilance is essential to avoid the pitfalls of crypto scammers! Want to attend quality conferences from Web3 experts? Register now on Binance. The JDC offers you 5 seats worth €880 for Binance Blockchain Week. Try to win them by drawing lots (commercial link).

Leave a Comment