According to a report by Chainalysis, crypto scammers have already made off with US$1.6 billion dollars in 2022. Although lower than the amount during the same time last year, it still represents a huge amount of money to the various victims that made up this sum. Why crypto scams are so popular, particularly on Twitter, is because of anonymity. Yet, Twitter gives you access to millions of followers and potential victims. This article looks at the common crypto scams on Twitter, and how you can avoid them.
Common crypto Twitter scams
Fake or hacked verified Twitter accounts
Scammers create a confusingly similar Twitter account to a reputatble of verified account in the Twitter crypto space. These accounts will have very similar names to the real accounts and have the same profile pictures and posts. They then use these fake accounts to privately message people with promises of providing services for a fee. They may also ask for money in return for being repaid more at a later date.
Some scammers even go so far as to hack official and verified accounts. They then impersonate the person behind the account and offer fake airdrops or token claim links. Once victims click on these links, they are directed to a fake website to connect their cryptocurrency wallets and their funds will be drained.
Fake crypto projects
These projects usually target crypto funds, content creators, or known high-net-worth individuals. The scammers will privately message potential victims claiming to be an up-and-coming crypto project. They will then ask for investments or provide a link to a “beta version” of the project requesting feedback or reviews in exchange for payment. However, the link actually contains malware and will either steal your data or drain your crypto wallet.
Spoof URLs
Some scammers are now creating spoof or fake URLs using similar-looking Unicode letters. The below tweet is an example of a spoof link. The letter “i” does not have a dot on it, instead, it is using the letter “ı” from the Turkish alphabet. Other variations can include using the letters “à” or “è” from the French alphabet instead of the English letters “a” and “e”. These links would direct you to a spoof of the official Premint website where you will be provided with a Seaport signature that drains your NFTs and ETH.
The above tweet is also an example of a fake project account. The official account has the same spelling as the project i.e. Azurbala with one “l”.
Honeypot crypto scams
The honeypot crypto scam involves wallets containing a sum of cryptocurrencies, but will also have hidden traps. The scammer will usually approach victims via Twitter DMs alleging issues with their cryptocurrency wallets. They will then send their wallet details, including any seed phrase, and offer a reward. Victims will then access the account and try to deposit some ETH in an attempt to pay the transaction fees to remove the “stuck” funds. However, there will be a bot waiting to instantly transfer any funds (including any amounts the victim sent) out of the account and into the scammer’s own wallet.
Check out Cointelegraph’s article to learn more details about honeypot scams and how they work.
Crypto recovery scams
In crypto recovery scams, scammers prey on people who have lost their funds and need help with recovery. They would contact people via DM or post replies (particularly for posts where a project is in trouble) stating that someone helped them recover their lost funds for a small fee. Victims would then contact the person who could supposedly help them, who in fact is the scammer. The scammer would then take the fees and disappear.
To learn more about various other crypto Twitter scams, check out this post from Serpent, a Web3 Security Analyst.
How to avoid crypto Twitter scams
Verify everything
If you see a post from a project, check it against other sources such as their website or other social media outlets. Even if an account is verified, it could still be a hacked account, so users should also check if these alleged events or airdrops are actually real by looking at the project’s website or blog. The same goes for people who contact you on Twitter, check carefully if their username is spelled correctly and other account details.
Trust your instincts
If something sounds too good to be true, then it probably is. For example, if you did a small task for someone, would you really expect a huge return or reward? Also, people experiencing technical issues would contact the responsible project, exchange, or where the wallet is hosted. It would not make sense for them to contact you.
Be wary of links
Links containing malware or phishing links are the main gateway by which scammers access your personal data and funds. Therefore, you should be careful to check before clicking links or approving any contracts.
Don’t give out personal information
Personal information is very valuable to scammers who use this to access your private accounts or wallets. So do not give out the seed phrases for your cryptocurrency wallets as scammers can restore your wallet and drain its funds. Similarly, do not tell people (unless they are trusted) how you store your seed phrases and your security measures.
