A Bot Network Stealing Twitter Identities Ran Its Scam For Days Before Being Taken Down

The scam ran for three days before Twitter removed the fake accounts.

On Tuesday, a Twitter account with the name and photo of prominent cryptocurrency investor Kevin Pham posted a link to a contest offering people the chance to win Bitcoin, Ethereum, and Litecoin.

“To celebrate partnership between Biftinex and EOSfinex, they give away a total amount of 1.000 BTC, 15.000 ETH and 10.000 LTC. Hurry up before it ends!” the Tweet said. (The prize money would total about $22,630 at current prices.)

Dozens of other Twitter accounts that also appeared to belong to different cryptocurrency experts and websites posted the same message over three days. All were fake accounts. (One spoofed account was also of a BuzzFeed News reporter, which is how the scam was discovered.)

These accounts were part of a network of bots used to trick people into sending cryptocurrency to wallets belonging to the scammers. It’s just the latest in what has become a long line of cryptocurrency scams running on Twitter. Prominent figures such as Elon Musk and John McAfee are routinely impersonated on the platform. Fake news and fake tweets are used in pump-and-dump schemes, and Bitfinex itself was targeted with a different scam just last month.

This is insane. @Protafield is a blue checkmark verified user who has changed name and account details to match @Bitfinex Then they are pretending to do giveaways and stealing ETH from people. @TwitterSupport wtf is wrong with your website get ur shit together https://t.co/NzPwTa0RTQ

Facebook, Google, and Twitter have all banned cryptocurrency advertisements on their platforms, but the scammers continue to find a way to use these platforms to run their schemes.

After BuzzFeed News alerted Twitter to the scam, the bot accounts were removed.

“We're aware of this form of manipulation and are proactively implementing a number of signals to prevent these types of accounts from engaging with others in a deceptive manner,” a spokesperson said.

The company declined to elaborate on how the scam got around Twitter’s filters or what the preventative signals are. The botnet generated tweets for at least three days before being shut down.

Kevin Pham, the cryptocurrency investor whose account was spoofed, said scammers emerge wherever there’s a financial opportunity. He said it was the first time he was impersonated, but he’s seen it happen to others, like Ethereum inventor Vitalik Buterin.

“Anybody that can find vulnerability in algorithms or other public websites can kind of ding those vulnerabilities,” Pham said.

In this case, the scheme utilized the network of fake Twitter accounts to drive real people to a website that was spoofed to look like the popular cryptocurrency exchange Bitfinex. The scammers used bitfinex.eu as their site, instead of the official bitfinex.com.

Users who landed on the hoax site were then asked to pick their preferred cryptocurrency and were given the address of a wallet to send it to. (Sending money was a requirement for participating in the giveaway.) To make the scam look real, the website even forged cryptocurrency transactions and redirected users back to the real Bitfinex website if they clicked on any section not related to the giveaway.

Although the scammers didn’t get any Bitcoin, they received three separate transactions of Ether, totaling about $1,002, and six Litecoin transactions, totaling about $521, according to public data from their wallets.

Bitfinex director of communications Kasper Rasmussen said in a statement that these scams are “a threat to the whole digital asset space.”

“The platforms we use have provided us with an incredible way of connecting with our global user community, but it's been difficult to come up with an effective solution to the challenge of phishing scams,” he said.

Pham, however, believes cryptocurrency scams will help society “build up an immune system” to them. Users have to learn about the bad actors or lose their money with no chance of getting it back, he said.

Some people did try to raise warnings about the scam while it was still active on Twitter. Someone left a comment on one of the wallets associated with the scammers to discourage people from sending it currency. A Google search for another URL associated with the scheme, trust-cryptopayment.com, has been flagged on a website tracking Ether scams.

“It’s unfortunate in the short term, but in the long term it’s kind of tough love,” Pham said.

Topics in this article

Skip to footer