Scammers Hack Twitter Accounts to Steal Popular NFTs and Digital Currencies

According to new research, published by Tenable’s Staff Research Engineer, Satnam Narang, scammers have once again dug deep into their bag of tricks to capitalize on the fervor in non-fungible tokens (NFT) and cryptocurrencies.

Many are hijacking verified and unverified accounts on Twitter to impersonate popular NFT projects including Bored Ape Yacht Club (BAYC), Azukis, MoonBirds and OkayBears, to steal users’ crypto assets by driving them to phishing sites.

The success of some of these blue chip NFT projects has paved the way for broader adoption by promoting upcoming integrations with their own metaverses, giving scammers ample opportunity to capitalize on new or rumored announcements in relation to these projects. These scams take place in a few different ways, according to the research.

Scammers leverage Twitter mentions to capture attention

Cryptocurrency scammers are tagging users in replies across hundreds of tweets in a bid to drive them to phishing websites. These phishing sites are indistinguishable from legitimate NFT project sites making it difficult for the average cryptocurrency enthusiast to tell them apart. Instead of relying on traditional usernames and passwords, users are convinced to connect their cryptocurrency wallets. By doing so, scammers are able to then transfer out the digital currencies like Ethereum ($ETH) or Solana ($SOL), as well as any NFTs being held in these wallets.

Airdrops and free NFTs drive cryptocurrency scams

The airdrop is a promotional activity performed to help bootstrap a digital currency project. The Bored Ape Yacht Club (BAYC), announced earlier this year an Airdrop of ApeCoin to holders of its various NFT projects such as BAYC, Mutant Ape Yacht Club and Bored Ape Kennel Club. Scammers saw this announcement as a ripe opportunity to target the interest in this upcoming airdrop and began creating campaigns by hijacking verified Twitter accounts to drive users to phishing sites.

Scammers warn of scammers to add legitimacy to tweets

Scammers have also pivoted to appear like the good samaritans by using the threat of potential scammers as justification for why they “clean” or “close” comments or replies to their tweets. Once they’ve seeded a few of these fake tweets, they leverage a built-in Twitter feature for conversations to restrict who can respond to their tweets, which prevents users from warning others of the potential fraud that lies ahead.

“Despite their volatility, interest in NFTs and cryptocurrencies continue to grow in India. And based on extensive research in this area, scammers continue to find creative ways to dupe users. In India, there’ve been reports of government officials, celebrities or large corporations being impersonated to infuse the perception of legitimacy. In April this year, the Twitter account of Uttar Pradesh Chief Minister Yogi Adityanath was compromised. His profile picture was replaced with a Bored Ape Yacht Club NFT and used to promote phishing sites for the Azuki NFT project. Late last year, the Twitter account of Prime Minister Narendra Modi, who has over 70 million followers, was briefly hacked. Attackers claimed that India had embraced bitcoin as legal tender and would distribute it to citizens,” said Satnam Narang, Staff Research Engineer, Tenable.

“Operating from a place of skepticism is likely going to provide some cover for users when it comes to such scams. If you’re proactively tagged in a tweet, you should be highly suspicious of the motivations behind it, even if it comes from a verified Twitter account. Seek out the original project’s website and cross-reference links that you see being shared on Twitter with the ones on their official website. Scammers will also rely on urgency to try to add pressure on users in this space. If an NFT mint is happening, they’ll say that there are a limited number of spots left. This urgency makes it easier to take advantage of users not wanting to miss out on the opportunity. Ultimately, if something sounds too good to be true, it probably is.”

Here is the link to the detailed blog