An investigation by SlowMist Security has revealed a concerning trend of widespread theft through phishing tweets within the crypto community. Reports of theft prompted the SlowMist team to dig deeper, uncovering a significant number of these incidents facilitated by deceptive comments under tweets from well-known crypto projects.
Startlingly, around 80% of comments under tweets from these reputable projects were linked to phishing scam accounts. SlowMist also identified multiple Telegram groups involved in the sale of Twitter accounts, including those with varying follower counts, post numbers, and registration dates.
Furthermore, dedicated websites specializing in the sale of Twitter accounts were found, offering accounts from different years and allowing buyers to purchase usernames closely resembling legitimate ones. These websites commonly accepted cryptocurrency payments.
After acquiring existing accounts, phishing groups used promotional tools to make them look credible, purchasing followers, likes, shares, and interactions. One such platform claimed to have processed over 1.3 million orders for 20,000 users.
With these resources at their disposal, phishing groups mimicked the information and appearance of legitimate projects, making it challenging for users to differentiate between genuine and fraudulent accounts. Their tactics included automated bots tracking prominent project activities and quickly commenting on project tweets to gain visibility.
Users who mistook these posts for legitimate ones were prone to clicking the fake accounts' phishing links, which promised airdrops and led to unauthorized malicious transactions and financial losses.
Countermeasures in the crypto community include optimizing anti-phishing plugins and browser warnings for phishing pages. Wallet signature verification and interaction safety features also play a crucial role in protecting users from scams. Despite these tools, personal security consciousness remains essential, with users encouraged to scrutinize links, authorizations, and signatures to minimize the risk of coin loss or deception.
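The signals described above (usernames closely resembling legitimate ones, bots replying within seconds, and links in the reply) can be combined into a simple check of the kind an anti-phishing plugin might run on replies under a project's tweet. This is an added example, not SlowMist's code or any plugin's; the handle `ExampleDAO`, the sample replies, the thresholds, and the confusable-character map are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed data: "ExampleDAO" and all replies below are made up for this example.
OFFICIAL = {"ExampleDAO"}
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "_": None})
URL = re.compile(r"https?://\S+")

def skeleton(handle):
    """Fold case and visually confusable characters into one canonical form."""
    return handle.lower().translate(CONFUSABLE)

def lookalike_of(handle, threshold=0.85):
    """Return the official handle this one imitates, or None."""
    if handle.lower() in {h.lower() for h in OFFICIAL}:
        return None  # the genuine account itself
    for real in OFFICIAL:
        if SequenceMatcher(None, skeleton(handle), skeleton(real)).ratio() >= threshold:
            return real
    return None

def reasons(reply, fast_seconds=10):
    """List the impersonation signals a reply shows (empty list = nothing flagged)."""
    out = []
    real = lookalike_of(reply["author"])
    if real:
        out.append(f"handle imitates @{real}")
        if URL.search(reply["text"]):
            out.append("carries a link")
        if reply["delay_s"] <= fast_seconds:
            out.append("replied within seconds (bot-like)")
    return out

REPLIES = [
    {"author": "ExampIeDAO", "delay_s": 4, "text": "Airdrop live, claim: https://claim.example.invalid"},
    {"author": "ExampleDA0_", "delay_s": 3, "text": "Official airdrop https://drop.example.invalid"},
    {"author": "ExampleDAO", "delay_s": 600, "text": "Docs: https://docs.example.invalid"},
    {"author": "alice_trader", "delay_s": 30, "text": "Great update!"},
]

def flagged(replies):
    """Map each suspicious reply author to the signals found."""
    return {r["author"]: reasons(r) for r in replies if reasons(r)}

if __name__ == "__main__":
    for author, why in flagged(REPLIES).items():
        print(f"@{author}: {', '.join(why)}")
```

The genuine account and unrelated commenters pass through unflagged; only handles that collapse to (or sit very near) the official skeleton are scored.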