Security Alert: A new cryptocurrency scam has been perpetrated on Twitter.
In recent years, cryptocurrency has become one of the most popularized assets.
Many individuals have chosen to invest their money in cryptocurrencies, making it an attractive market for hackers.
Although cryptocurrencies aren’t exclusively utilized for illegal purposes, we can’t deny that the number of incidents has risen significantly.
Furthermore, fraudsters come up with innovative ways to trick investors and steal their money.
Twitter bots are keeping an eye on crypto tweets.
Cybercriminals have devised a new method of obtaining the passcode to a cryptocurrency address.
Scammers are now watching for certain ‘crypto’ phrases in tweets and reacting with malicious links.
These scamming bots will react to tweets with particular crypto wallet keywords like ‘MetaMask’ or ‘TrustWallet’ in a matter of seconds.
When such terms are used in a tweet, Twitter bots will immediately respond, acting as “fake help agents,” with malicious links aimed to steal your cryptocurrency wallet and all of your crypto money.
It’s worth noting that Twitter APIs, a feature that allows for the monitoring of every public tweet, may be used to target certain phrases.
Getting to the bottom of the Scam
A test was run by Bleeping Computer to see how a crypto fraud works.
The first experiment was to cram as many terms as possible into a tweet and see what would happen.
The business said that it received many answers from fake accounts posing as MetaMask and TrustWallet help accounts within seconds of posting.
“Tweets including the words support,’ ‘help,’ or ‘assistance,’ as well as terms like ‘MetaMask,’ ‘Phantom,’ ‘Yoroi,’ and ‘Trust Wallet,’ will get virtually quick answers from Twitter bots with phony support forms or accounts,” the business stated.
Threat actors have now established up help forms on Google Docs and other cloud platforms, asking for the user’s email address, the difficulty they’re having, and their wallet’s recovery phrase in order to steal the password.
Your crypto wallet generates a set of 12 to 24 words called a recovery phrase, also known as a seed phrase.
This phrase is used to retrieve your wallet if you lose access to it or it becomes otherwise unreachable.
Scammers will reference their ‘encrypted cloud bot,’ which will reportedly assist safeguard the details you’ve been providing in the form, to persuade you to put your sensitive information in the form.
The fraudsters, on the other hand, all have the same goal: to steal the recovery words for a victim’s wallet.
Once they have it, they will be able to obtain access to your crypto wallet and transfer whatever crypto assets you own to their own wallets.
Twitter has been infiltrated by scammers.
This time, a “new” Twitter fraud has surfaced.
The system has aided fraudsters in stealing cryptocurrency wallets by posting some posts on social media and causing victims to collapse.
Because the cryptocurrency market is so unpredictable, fraudsters will look for an opportunity to steal.
As a result, it is advised that investors exercise extreme caution when using social media to avoid having their funds stolen.
This isn’t the first time Twitter has been questioned about security concerns.
A big breach of numerous high-profile people’s Twitter accounts occurred not long ago, and messages were sent out enticing them to invest in cryptocurrencies.
This event resulted in a significant financial loss, and Twitter was said to be working on improving security standards, however, this did not materialize.
It’s vital to remember that Twitter is one of the most prominent social media platforms on the planet, with an unquestionable amount of users.
As a result, fraudsters have discovered a perfect target. They do quick searches using terms related to cryptocurrencies, such as “Crypto” “Cryptocurrencies” “Ethereum,” and so on.
They’ll be able to spot tweets regarding that topic this way.
They have a simple system in place. Cybercriminals discover tweets regarding cryptocurrencies and provide comments with links to hack bitcoin wallets.
According to current statistics, it is a vast operation since hackers do not do it manually, but rather use a bot that recognizes tweets and publishes help forms in a large number of tweets at once.
These forms are fictitious and are used to collect wallet info.
You should not click on any unusual remarks seen in a tweet, regardless of how much bitcoin you have in your hands.
This will most likely link you to a location where your data will be stolen and the cryptocurrency you purchased will be obtained.
It is rather simple to recognize them. The forms they send you to are from Google or a third-party service.
You’ll be prompted to provide your email address as well as a wallet recovery phrase.
This phrase can be anything from 12 to 24 words long, and it will allow the account holder to access the wallet if they forget their password.
Hackers just need this information to gain access to your wallet, empty it, and disappear with all of your cryptocurrency.
Twitter appears to be working on a solution to the problem of cryptocurrency thefts.
Do not attempt to fill out any unusual forms.
Users are encouraged not to click on any strange links and, if they do, not to provide important information, despite the fact that no automatic system has been established to identify comments containing forms.
One of the reasons why hackers are so interested in cryptocurrencies is that they may take them and escape with them without leaving a trail.
A cryptocurrency may be moved from one wallet to another in a matter of seconds, travel around the world, and then be lost until it is found.
Furthermore, crypto theft inquiries frequently go unanswered.
The number of illicit operations involving these assets has been rising for some time.
Many people in the United States and Canada have been conned out of their money and have no way of recovering it.
As a result, the applicants’ and authorities’ suggestions are crystal apparent.
It is advisable not to click on strange links and not to give out vital information to anyone.
If someone wishes to invest in cryptocurrencies, they should use well-known wallets or trading platforms.
While fraud dangers exist, certain platforms have received governmental clearance and have rigorous security requirements, making them less likely to be scammed.
And while Twitter has yet to respond to this issue, it is believed that the security issue would be addressed in order to minimize fraud.
What you should know before investing in cryptocurrency
Twitter informed BleepingComputer that spamming with Twitter APIs is against the rules and that they’re working on new ways to avoid such assaults.
You should never tell anyone your wallet’s recovery phrase. No reputable support person from ‘MetaMask,’ ‘TrustWallet,’ or anywhere else will ever ask for the recovery phrase.
The security of wallets is determined by how they are managed by the user.
The most serious threat to crypto security is the loss or disclosure of the private key by an individual user.
Online wallets are the simplest to set up and use, but they are also the most vulnerable to hacking.
Using an offline wallet rather than an online wallet is one approach to keeping your crypto safe.