- Cybersecurity analyst describes the strategies scammers use to hack funds.
- In a 19-part Twitter thread, he shows how scammers prey on inexperienced crypto users.
- Most criminals target people who have already been scammed and claim they can recover the money.
Cybersecurity analyst Serpent has outlined heinous cryptocurrency and NFT scams currently active on Twitter. Through a 19-part thread, Serpent described how scammers prey on inexperienced crypto users by using copycat websites, URLs, accounts, hacked verified accounts, fake projects, fake airdrops, and a ton of malware.
🚨 CURRENTLY RUNNING TWITTER SCAMS 🚨
In this thread I’ve compiled a list of the most popular currently running crypto/NFT scams on Twitter.
Here’s how they work 🧵👇
— Serpent (@Serpent) August 21, 2022
The senior analyst is the creator of Sentinel, an artificial intelligence and community-powered crypto threat mitigation system, and has 253,400 followers on Twitter. One of the more concerning strategies comes in the wake of a recent rush of crypto phishing scams and protocol hacks. Serpent explains how hackers use the “Crypto Recovery Scam” to defraud those who have recently lost funds in a widespread hack, stating:
Simply put, they try to target people who have already been scammed, and claim they can recover money.
These con artists, as Serpent described, pose as blockchain developers and look for users who have recently been the target of a significant hack or exploit. They then ask them to pay a fee to deploy a smart contract that can help them recover their stolen funds. They “take the fee and run” instead.
Leveraging recent exploits is part of another strategy. The “Fake Revoke.Cash Scam,” according to the analyst, tricks users into visiting a phishing website by warning them that their crypto assets may be at risk, using a “state of urgency” to get users to click the malicious link.
Another strategy employs “Unicode Letters” to make a phishing URL look nearly identical to a genuine one by replacing one of the letters with a Unicode lookalike, while yet another strategy involves scammers hacking a verified Twitter account, which is then renamed and used to impersonate someone of influence to shill fake mints or airdrops.
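A defender-side check for the Unicode lookalike trick described above, as an added example that is not from Serpent's thread. The trusted-host list, the small confusables map, and the sample URLs in the test are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: hosts the user actually intends to visit (name taken from the article).
TRUSTED = {"revoke.cash"}
# Constructed subset of lookalike characters; a production check should load
# the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s",  # Cyrillic
    "\u03bf": "o", "\u0131": "i",                                # Greek, dotless i
}

def scripts(label):
    """Scripts used by the letters of a label, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(host):
    """Fold known lookalikes to ASCII so visually equal hosts compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", host))

def check_url(url, trusted=TRUSTED):
    """Return (verdict, detail) for the host part of a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host.isascii():
        try:
            # Links are often shared in punycode ("xn--") form; decode it first.
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            return ("suspicious", "undecodable IDN host")
    if host in trusted:
        return ("trusted", host)
    try:
        shown = host.encode("idna").decode("ascii")  # what the wire actually carries
    except UnicodeError:
        shown = ascii(host)
    folded = skeleton(host)
    if folded in trusted:
        return ("lookalike", f"{shown} imitates {folded}")
    mixed = [lbl for lbl in host.split(".") if len(scripts(lbl)) > 1]
    if mixed:
        return ("mixed-script", f"{shown} mixes scripts in one label")
    return ("unknown", shown)
```

Showing the punycode form in the verdict matters because the rendered name is, by design, indistinguishable from the real one.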
Another tactic is called a “Honeypot Account,” where users are supposedly given access to a loaded wallet in exchange for a “private key,” but when they try to send crypto to pay for the transfer of coins, the coins are instead sent directly to the scammers’ wallet via a bot. Other techniques include asking high-value NFT collectors to “beta test” a new play-to-earn (P2E) game or project, or commissioning bogus work from NFT artists.