Even though it’s not an old tactic for black hat hackers, Bitcoin scams have begun to be more and more prevalent, especially after the July 2020 hack, where 130 high-profile twitter accounts got compromised by outside parties. According to Wikipedia “more than 320 transactions had already taken place on one of the wallet addresses, and bitcoin to a value of more than US$110,000 had been deposited in one account before the scam messages were removed by Twitter.”
With cryptocurrency, scammers can attain more sophistication and longevity with the same ‘scam routine’ at a ‘minimal cost’ (i.e minimal hassle, expense, fears, etc).
The Elon Musk (Impersonation) Cryptocurrency Giveaway Scam
Lately, there have been multiple instances of bitcoin scams in youtube, this scam relies on the popularity of the famous entrepreneur Elon Musk and SpaceX, the channel normally has thousands of subscribers and a very similar name to the companies Elon owns or Nasa. The scammers can create a Youtube channel and raise the number of subscriber and number of view artificially, probably by using botnets, by having a few thousand subscribers and having a decent number of viewers, the scammers manage to trick the Youtube algorithm and consequently, the stream pops up in the recommended list. The stream consists of the following bitcoin scam definitions:
In today’s age, it is quite easy to create social media accounts like Facebook, youtube e.t.c, scammers would use this strategy to for example lie in wait until the person they are trying to impersonate publishes content. The impersonator then replies to it with a follow-up message – with for example a free giveaway. It would be also possible for impersonators to directly message a potential victim. It is a best practice that when you receive an odd request or offer to always double-check a person to confirm the authenticity via multiple mediums of communication.
Scammers seek to take advantage of people by offering free giveaways of bitcoin in exchange for sending a small amount to register, or by providing some personal information (which can be turned into profit later on by the perpetrators).
Here are a few of these scams:
Notice that the number of subscribers and viewers is very much unrealistic for a newly created stream and channel. Clear evidence of the use of botnets
Normally on these scams, there is a landing page where more information can be found:
It is also very common to have a live feed of the transactions that have been occurring on the wallet, of course, all of them fake:
Digging a little bit more and after performing a DNS query on the website URL of one the streams we find that server of one of the landing pages is located in Russia:
Since one of the functionalities of digital currency is to have a bitcoin ledger, where it keeps a list of all the transactions done by all the users, we can use we can look that during the 20 min period where the scam was active, the scammers manage to profit 1.55807986 bitcoin which translates to $18136.05 :
Note that there was no sent bitcoin from this bitcoin wallet.
These types of scams are incredibly popular because they are so cheap, easy, and efficient to execute, partly because unfortunately there are a lot of people that are still not informed well enough of this type of social engineering strategy. When stumbling into these kinds of scenarios it is best to keep the adage at mind “If something seems too good to be true, it probably is.”.
By Andre Gomes