In a digital world increasingly entwined with cryptocurrency, a worrying trend has emerged on the social media platform X (formerly Twitter). Cybersecurity experts are raising the alarm about a spike in crypto scams and phishing attempts, which seem to exploit the platform’s system of gold checkmarks designated for verified organizations with a large number of X followers.
This surge in fraudulent activity coincides with Elon Musk’s recent decision to slash the cost of obtaining these gold checks, making it cheaper and potentially easier for scammers to appear legitimate.
Reports suggest that hackers are targeting dormant accounts, commandeering them to perpetrate scams CloudSEK’s report. Even accounts with robust protection measures, like Google’s cybersecurity division Mandiant, have not been spared, with some falling victim to sophisticated phishing schemes.
One high-profile incident involved Ethereum co-founder Vitalik Buterin, whose account was hijacked and used to post fake offers for free non-fungible tokens (NFTs). The scammers included a malicious link that, when clicked, would drain cryptocurrency wallets. In just 20 minutes, the scam siphoned over $691,000 from Buterin’s followers.
Update: $691k drained (another 33% in drainer fee address) pic.twitter.com/AVIShqDlMU
— ZachXBT (@zachxbt) September 9, 2023
Elon Musk, who has been at the helm of X since his acquisition, has recently lowered the cost of gold checkmarks from $1,000 to $200 monthly for a “basic” plan. This move has sparked debate, with some suggesting it could attract more paid subscribers, while others fear it may exacerbate the scamming issue Cointelegraph report.
Our new Verified Organizations Basic tier is now available for $200/month or $2000/year!
Designed for smaller businesses, subscribers receive ad credits & priority support to enable faster growth on X
Subscribe via https://t.co/tavd2Beuhx
— Verified (@verified) January 2, 2024
The gold checkmarks on X are meant to instill trust in users by indicating an account’s affiliation with an official organization or company. However, the reduced cost has made these symbols of trust more accessible to bad actors.
How does the X scam work?
The scam begins with advertisements found in the darker corners of the web and on popular messaging platforms such as Telegram and Facebook. CloudSEK’s spokesperson shared with Ars Technica that the volume of ads specifically targeting X gold checks was a significant indicator of an imminent large-scale malicious campaign.
During their probe into the matter, CloudSEK analysts discovered that as early as March 2023, individuals were seeking to purchase gold X accounts on dark web marketplaces. These buyers emphasized the critical nature of such accounts for their operations, indicating a high demand for the credibility that comes with the gold checkmark of verification.
Scammers have been brazen enough to list the names of legitimate companies whose accounts they’ve compromised. They’ve also offered services to artificially inflate the follower count of these accounts, suggesting an extensive network dedicated to manipulating and monetizing stolen profiles.
In one instance highlighted by CloudSEK, a dormant X account with almost 30,000 followers, untouched since 2016, was put up for sale on Telegram for as much as $2,500. The tactics to gain control of these accounts are varied; they range from creating counterfeit accounts mimicking real organizations to employing brute-force attacks and deploying malware to obtain login credentials.
Once an account is hijacked, the perpetrators often update the account details with their own, effectively locking out the original owner. The next step involves subscribing to the X gold service, making the account appear legitimate and thus more valuable on the black market.
The transaction process for these illicit sales is conducted through intermediaries who hold the buyer’s money in escrow until the account is securely transferred. This arrangement offers buyers a 30-day period of “hassle-free” access to the account. Should any access issues occur on the initial login, a replacement is promised, though all sales are generally considered final.
With X’s recent announcement of upcoming annual subscriptions, the longevity of these scams could extend, potentially allowing uninterrupted malicious activity on hijacked accounts for an entire year. This prospect could further incentivize the underground trade of verified accounts, making the gold checkmarks an even more coveted asset among cybercriminals.
The situation underscores a growing concern over account security on social media platforms and raises questions about the responsibility of these platforms to safeguard their verification systems. Users are urged to remain vigilant and report any suspicious activity, while organizations should enhance their security protocols to protect against such threats.
CloudSEK’s findings indicate that hijacked gold and gray check accounts are being sold for $1,200 to $2,000, with the price varying based on the account’s age and number of followers. Scammers are also able to buy accounts associated with gold checks for around $500 each, creating a lucrative market for these verified profiles Ars Technica report.
To combat these threats, CloudSEK recommends organizations enhance their brand monitoring, improve security settings, and close inactive accounts. Additionally, they advise against storing passwords in browsers, suggesting the use of password managers that are less susceptible to malware attacks. Monitoring any apps connected to X is also suggested as a preventive measure.
Ongoing Investigations
Mandiant and other cybersecurity firms are currently investigating these incidents and pledge to share their findings. Meanwhile, X has yet to officially respond to the reports concerning the exploitation of their verification system.
The rise of these scams poses a significant risk to users, especially with the increased adoption of digital assets. High-profile platforms like X have become prime targets for scammers who execute various schemes to defraud users. As the situation unfolds, the tech community and users alike are urged to remain vigilant and scrutinize the authenticity of accounts, especially those promoting cryptocurrency transactions.
For more information on the latest developments and advice on how to protect yourself from such scams, visit CloudSEK, Ars Technica, and Cointelegraph.