Crypto scammers are hijacking this Twitter feature to snare new victims

Smartphone with new logo X twitter app background. Application twitter old blue bird change X black and white new.
(Image credit: Tama2u via Shutterstock)

Scammers have found a way to trick people into thinking they’re visiting a legitimate company account on X when, in fact, they’re visiting an impersonator who will simply  steal their cryptocurrency.

This method leans onto the way X handles links to different posts. On the platform, when a person posts something, the link to it holds both the username and the post’s unique ID. However, it seems that only the ID is necessary to redirect the visitor to the actual post, so the username in the link can be changed to any name.

So, the hackers would first create an X account impersonating a major company, such as Binance, the Ethereum Foundation, or Chainlink, and post a link to a fake airdrop, a giveaway, or something similar. Then, they would change the username in the link to appear as if the actual Binance, or Chainlink, posted it. 

Bots in action

Then they would distribute it throughout X (and other platforms, probably) using bot accounts. Reporting on the news, BleepingComputer says all of the accounts it observed promoting these scam posts use an account name in the format of name+five digits, such as @amanda_car16095. 

While the campaign started roughly two weeks ago, the vulnerability (if it can be called that) is a lot older. The media reported on it back in 2019 when security researcher Davy Wybiral warned it could be abused in phishing attacks. However, it was never addressed, most likely because it was never used in phishing attacks. 

Defending against these scammers should be relatively easy - just double-check the account name in the post’s URL and make sure it’s legitimate. This becomes a bit of a problem if the victims use a Twitter app to read the posts, as the app will not display the URL. Using common sense is advised - large companies like Binance will rarely promote giveaways and airdrops via Twitter bots. 

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.