Quadriga Initiative

Nov 2018 - Elon Musk Verified Twitter Giveaway - $180k (Global)

"A widespread scam pretending to be from Elon Musk and utilizing a stream of hacked Twitter accounts and fake giveaway sites is being pulled off by attackers hacking into verified Twitter accounts and then changing the profile name to "Elon Musk". They then tweet out that he, being Elon, is creating the biggest crypto-giveaway of 10,000 bitcoins."

"Plunging value of bitcoin and other cryptocurrencies has not stopped scammers from impersonating famous personalities or taking over verified accounts on Twitter. These scams have been going on for months and are most evident with every tweet from Elon Musk, despite the social media company’s promise to curb them. Now the scammers are targeting verified accounts – those with the coveted blue tick – to spread the fraud."

"One of the most common methods of breaking into verified accounts is credential surfing in which previously leaked passwords are automatically used in multiple attempts to break through verified accounts. Twitter has urged users to use two-factor authentication in order to prevent such hacks."

"These scammers follow a set pattern and are pretty easy to spot. The sabotaged accounts usually solicit users to send small amounts of cryptocurrencies in exchange for a bigger reward as part of a giveaway. Twitter reportedly said that the platform has improved ways of handling these scams related to cryptocurrencies and is trying to curb their reach to people."

"I'm giving 10 000 Bitcoin (BTC) to all community! I left the post of director of Tesla, thank you for your support! I decided to make the biggest crypto-giveaway in the world, for all my readers who use Bitcoin. Participate in giveaway."

"Even worse, these posts are being promoted through Twitter advertising in order to give them wider visibility and to add legitimacy."

"The sites that these fake profiles are promoting include musk[.]plus, musk[.]fund, and spacex[.]plus, which state that all a user has to do is send .1 or 3 BTC to the listed address in order to get 1-30 times in bitcoins back."

"To verify your address, send from 0.1 to 3 BTC to the address below and get from 1 to 30 BTC back!"

"BONUS: Addresses with 0.30 BTC or more sent, gets additional +200% back!"

"Payment Address: You can send BTC to the following address."

"1KAGE12gtYVfizicQSDQmnPHYfA29bu8Da"

"Waiting for your payment..."

"As soon as we receive your transaction, the outgoing transaction will be processed to your address."

"[I]n a single day, these scammers have received 392 transactions to the bitcoin address 1KAGE12gtYVfizicQSDQmnPHYfA29bu8Da for a total of 28 bitcoins or approximately $180,000 USD."

"Some of the victims of the scam in the past few months include Israeli politician Rachel Azaria and Ben Allen, the state senator from California. National Disaster Management Authority (NDMA) of India also fell prey to these scammer robots."

"To help perpetuate the scam, the attackers hacked into official government Twitter accounts such as the Ministry of Transportation of Colombia and the National Disaster Management Authority of India. These accounts were then used to promote the scam by stating that they sent bitcoins and received more coins back."

"[A]ttackers [also] hijacked the official accounts of Europe’s second largest film company and popular fashion retailer Matalan."

"Disastrous! #Indian National Disaster Management Authority's verified twitter account has been hacked (along with a few other verified accounts), which is being used to aid #cryptocurrency scams pushed via verified account impersonating #ElonMusk.... very convincing."

"It’s worth pointing out that unlike other similar incidents, the hackers did not post any malicious links directly from the NDMA’s account; instead, they used the account to respond positively to malicious links posted from other accounts, perhaps in an effort to make them look more legit."

“I sent 0.30 BTC and got 6 BTC back,” one of NDMA’s tweets read. “Elon, you are the best person I have ever seen in my life,” another said, likely responding to one of the many fake Elon Musk accounts propagating malicious giveaway links.

"The cryptocurrency market is going through a rough patch, but this isn’t stopping scammers from duping people out of their funds. Hackers took over the official Twitter account of India’s National Disaster Management Authority (NDMA) to promote blatant Bitcoin giveaway scams – a trend that’s been plaguing social media for months now."

"The good thing is the NDMA social media team has since managed to reclaim control of its account. All malicious tweets have been wiped, but the NDMA has yet to address the mishap."

The scheme "earned scammers over 28 bitcoins or approximately $180,000 in a single day."

"To battle the issue, renowned French ethical hacker who goes by the alias Elliot Alderson created a bot to report cryptocurrency scammers on Twitter."

"When BleepingComputer contacted Twitter regarding this scam, we were given this statement by a Twitter spokesperson."

"We don’t comment on individual accounts for privacy and security reasons. Impersonating another individual to deceive users is a clear violation of the Twitter Rules. Twitter has also substantially improved how we tackle cryptocurrency scams on the platform. In recent weeks, user impressions have fallen by a multiple of 10 in recent weeks as we continue to invest in more proactive tools to detect spammy and malicious activity. This is a significant improvement on previous action rates."

"Last week, scammers pretended to be Tesla CEO Musk by sabotaging verified accounts of Matalan and Pantheon Books. This week, two more accounts that were targeted include those of a UK-based apparels brand Farah, and the Australia division of consulting firm Capgemini."

"The account of Indian B2B marketplace IndiaMART could also be seen sending out these deceiving tweets. The company’s account was hacked and scammers managed to post a few bitcoin-related tweets before the account cleaned up the offending posts."

Further Analysis

People often judge the legitimacy of a Twitter account by the verified "checkmark" next to the username. To exploit this, hackers compromised the accounts of Twitter users who were already verified. These accounts were either renamed to impersonate Elon Musk (keeping the checkmark) and used to post a "giveaway" scam, or made to tweet comments claiming that they had sent funds and received more back from the "giveaway". The "giveaway" scam works by asking users to send funds to the attacker's address, with the promise that they'll receive more funds back. No funds are ever sent back and the attacker simply keeps the funds.
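The pattern described above can be turned into triage signals for a moderation or brand-monitoring queue. The following is an added example, not code from this page or from Twitter: the watchlist, signal names and sample accounts are assumptions, the post texts are the lures quoted on this page, and the look-alike display-name case goes slightly beyond the plain rename the page describes.

```python
import re
import unicodedata

# Assumption: watchlist of commonly impersonated display names -> their real handle.
PROTECTED = {"elon musk": "elonmusk"}

# Legacy Base58 Bitcoin address shape (no checksum validation).
BTC_ADDR = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# "send X BTC ... get Y back" request, and plain giveaway wording.
SOLICIT = re.compile(r"\bsend\b.{0,60}?\b(?:btc|bitcoin)\b.{0,80}?\bback\b", re.I | re.S)
GIVEAWAY = re.compile(r"\bgive-?away\b|\bgiving\b.{0,40}\b(?:btc|bitcoin)\b", re.I | re.S)
# "I sent X BTC and got Y BTC back" endorsement posted from a hijacked account.
CLAIM = re.compile(r"\bsent\b.{0,30}\bbtc\b.{0,30}\bgot\b.{0,30}\bback\b", re.I | re.S)


def normalize(name):
    """Fold compatibility look-alikes (NFKC), lowercase, keep letters only."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(re.sub(r"[^a-z ]", " ", folded).split())


def flag(account, text):
    """Return the list of signals raised by one post from one account."""
    signals = []
    real_handle = PROTECTED.get(normalize(account["display_name"]))
    if real_handle and account["handle"].lower() != real_handle:
        signals.append("impersonation")
        if account["verified"]:
            signals.append("verified-renamed")  # badge survived the rename
    if GIVEAWAY.search(text) or SOLICIT.search(text):
        signals.append("solicitation")
    if BTC_ADDR.search(text):
        signals.append("btc-address")
    if CLAIM.search(text):
        signals.append("endorsement")
    return signals


# Constructed sample accounts; post text is taken from the lures quoted on this page.
RENAMED = {"handle": "example_retailer", "display_name": "Elon Musk", "verified": True}
LOOKALIKE = {"handle": "example_user", "display_name": "\uff25lon \uff2dusk", "verified": False}
SHILL = {"handle": "example_agency", "display_name": "Example Agency", "verified": True}
LURE = "I decided to make the biggest crypto-giveaway in the world. Participate in giveaway."
PAY = ("To verify your address, send from 0.1 to 3 BTC to the address below and get "
       "from 1 to 30 BTC back! 1KAGE12gtYVfizicQSDQmnPHYfA29bu8Da")
REPLY = "I sent 0.30 BTC and got 6 BTC back"

if __name__ == "__main__":
    for acct, text in [(RENAMED, LURE), (LOOKALIKE, PAY), (SHILL, REPLY)]:
        print(acct["handle"], flag(acct, text))
```

An "endorsement" signal from a verified account that has not been renamed is the case the NDMA quotes describe, so it is worth routing to review even when no link or address appears in the post.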

How Could This Have Been Prevented?

Sources/Further Reading

India’s national disaster authority hacked to promote Bitcoin scams (Mar 15)
US and Israeli politicians hacked to promote 'Elon Musk' Bitcoin giveways (Mar 15)
@jeffjohnroberts Twitter (Mar 20)
https://www.owasp.org/index.php/Credential_stuffing (Mar 21)
John McAfee Claims Twitter Account Hacked Despite 2-Factor Authentication | Beebom (Mar 21)
@fs0c131y Twitter (Mar 21)
@fs0c131y Twitter (Mar 21)
@fs0c131y Twitter (Mar 21)
@Jason Twitter (Mar 21)
@thehackersnews Twitter (Mar 21)
