Fraud researchers impersonated on X to push crypto-stealing sites

November 15, 2023 at 10:04AM

Multiple fake accounts on X (formerly Twitter) are promoting phishing pages to drain cryptocurrency wallets. The scammers impersonate accounts belonging to cryptocurrency experts and security firms to spread fabricated security breach claims. Users are advised to be cautious, verify claims from official sources, and avoid connecting wallets to suspicious platforms. Consider moving assets to a cold wallet for added security.

Key Takeaways:

1. There is an ongoing campaign on X (formerly Twitter) where multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets.

2. The scammers use claims of a breach on major cryptocurrency exchange platforms to lure potential victims into acting swiftly to safeguard their digital assets from theft.

3. The scammers impersonate legitimate accounts on X belonging to blockchain analytics or crypto fraud investigation firms and researchers like CertiK, ZachXBT, and Scam Sniffer, to promote fabricated security breaches on Uniswap and Opensea.

4. The threat actors created new X accounts with similar names to impersonate the legitimate accounts, for example, @zachxbt vs. @zacheryxbt.

5. Many legitimate X users fell for the scam and shared it on their accounts without verifying the claims’ validity, even some accounts with hundreds of thousands of followers.

6. The scale of the campaign is notable, with bot accounts promoting hashtags like #UniswapExploit, which reached top trending topics in the U.S. on X.

7. The first instance of this tactic being used by the threat group was on November 9th when Hayden Adams warned the cryptocurrency community that the tweets about Uniswap exploits were coming from fake X accounts impersonating well-known users.

8. The scammers promote a fabricated security breach on Uniswap or Opensea, alleging that hackers exploited a signature verification vulnerability in the protocols/exchanges to steal tokens.

9. The scam posts urge users to revoke permissions as soon as possible to prevent losing their assets, directing them to malicious websites like ‘revoketokens[.]io’ or ‘revokea[.]sh’.

10. Impersonating legitimate accounts increases the success rate of the scam, as seen in previous cases where cybercriminals impersonated cybersecurity companies and researchers.

11. It is crucial to double-check the authenticity of an account and verify claims from official sources to prevent falling victim to scams, even with seemingly legitimate accounts.

12. Users should avoid connecting their wallets to dubious or unofficial platforms and refrain from signing smart contracts they do not fully understand.

13. Consider moving digital assets to a cold wallet if there are concerns about the likelihood of losing them to hacks and breaches.
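
The account check from items 4 and 11, sketched as an added example (not part of the original article): it compares a handle against a personal list of trusted handles and flags near-matches such as @zacheryxbt. Only `zachxbt` comes from the article; the other trusted handles, the character map and the 0.8 threshold are assumptions.

```python
import difflib

# Handles the reader already trusts. "zachxbt" is from the article; the other
# two are constructed placeholders, not real account names.
TRUSTED = {"zachxbt", "example_security_firm", "example_scam_tracker"}

# Characters often swapped or inserted so a handle looks the same at a glance
# (assumed, deliberately small map; underscores are dropped).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": None})


def normalize(handle):
    """Strip whitespace and a leading @, then lowercase."""
    return handle.strip().lstrip("@").lower()


def skeleton(handle):
    """Normalized handle with confusable characters folded together."""
    return normalize(handle).translate(CONFUSABLES)


def check_handle(handle, threshold=0.8):
    """Return ("trusted", h), ("lookalike", h) or ("unknown", None)."""
    name = normalize(handle)
    if name in TRUSTED:
        return ("trusted", name)
    probe = skeleton(name)
    best, best_score = None, 0.0
    for good in sorted(TRUSTED):
        ref = skeleton(good)
        if ref in probe:
            # Trusted name padded with extra characters, or differing only
            # by confusables: treat as a full match.
            score = 1.0
        else:
            score = difflib.SequenceMatcher(None, probe, ref).ratio()
        if score > best_score:
            best, best_score = good, score
    if best_score >= threshold:
        return ("lookalike", best)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample handles, apart from the pair named in the article.
    for h in ["@zachxbt", "@zacheryxbt", "@Zach_XBT", "@weather_updates"]:
        print(h, check_handle(h))
```

A "lookalike" result means the handle is close to, but not the same as, an account on the trusted list, which is the pattern item 4 describes; "unknown" says nothing about whether an account is safe.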
