Scammers have taken to Twitter to impersonate Elon Musk, earning them over 29 Bitcoins (approximately $180,000) in a day. The scam maliciously plays on the trust users place in verified Twitter accounts and in high-authority people within the industry.
The attackers have hacked into verified Twitter accounts, changing the account name to “Elon Musk”. They then impersonate Elon Musk, relying on his high standing within the tech industry to lure victims into a cryptocurrency giveaway of 10,000 bitcoins.
Because of the way Twitter’s advertising algorithm works, Twitter has been unknowingly advertising these posts, increasing their audience reach. The scam required users to send 1 or 3 Bitcoins to an address and promised they would get 1-30 times that amount of bitcoins back.
The scam proved extremely successful, with scammers receiving 392 transactions to their address in one day. Another important part of the scam relied on hacking into other verified and high-authority Twitter accounts, such as the Ministry of Transportation of Colombia and The National Disaster Management Authority of India.
These accounts were then used to bolster claims of success and legitimacy of the scam by stating they had taken part and had received their Bitcoins.
Twitter did not comment on this scam when asked for its opinion; however, it did respond with a general statement:
“We don’t comment on individual accounts for privacy and security reasons. Impersonating another individual to deceive users is a clear violation of the Twitter Rules. Twitter has also substantially improved how we tackle cryptocurrency scams on the platform. In recent weeks, user impressions have fallen by a multiple of 10 in recent weeks as we continue to invest in more proactive tools to detect spammy and malicious activity. This is a significant improvement on previous action rates.”
It is clear that more needs to be done to prevent these types of attacks, both to protect users and to help Twitter remain a trustworthy platform for sharing ideas.