In an effort to steal innocent people’s money, scammers have begun to use various Twitter accounts that impersonate major firms and figures within the cryptocurrency world.
On January 30th, for example, a response was posted to a Tweet by Charlie Lee, the founder of Litecoin whose verified Twitter handle is @SatoshiLite and who lists his name as “Charlie Lee [LTC]”, by someone using the same name and the nearly-identical handle, @SatoshiLitev (of course, this handle is not verified). The response solicited donations – and contained a promise that Lee would repay people ten times the amount that they donated:
“I am donating 240 Litecoin to the LTC community. First 60 transactions with 0.4 LTC sent to the address below will each receive 4 LTC to the address the 0.4 LTC came from LdJsGa9NLzL7QkkLzEkMsn94UodEfZKLUz Claim your LTC now!”
Of course, @StaoshiLitev is not Charlie Lee, the founder of Litecoin, and the donation promise is a scam. At this point, over 11.5 Litecoins (worth approximately $1,600 as I write this article) have been sent to the crook’s address – all of which have already been sent by the scammer to another address. For some reason, Twitter has not yet removed the post, so it is possible that more people will continue to fall prey to the scam tweet.
Similarly, bogus accounts requesting small donations in return for future payments of much larger amounts have been found impersonating the cryptocurrency, Ripple (which has the verified account @Ripple), as well as Ripple’s founder, Brad Garlinghouse (who uses the verified account, @bgarlinghouse), and the cryptocurrency, Ethereum (verified account @ethereumproject), and its founder, Vitalik Buterin (verified account @VitalikButerin).
Almost all of the scams that I have found include some classic-scam-element of time pressure — either limiting the reward to the first X people to make the “donation,” or stating that the offer expires in X hours.
So, here are some guidelines to help you stay safe:
Do not simply follow instructions in any Tweet asking you to send cryptocurrency of any sort to any address. Instead, as I discussed regarding cryptocurrency-targeted phishing attacks, always verify the address to, and reason for which, you plan to send payment for any cryptocurrency-related matter by comparing them to the address and offer listed on the official website of the party allegedly issuing the tweet, and to the address listed in any prior correspondence from that party. You should also verify the address and offer by contacting the relevant party at a known valid contact address or phone number. If anything does not match perfectly, or seems “off,” proceed with caution or do not proceed at all. Also, consider that most major cryptocurrency issuers and figures have verified Twitter accounts – so, if you see that a post from a major cryptocurrency issuer or celebrity was made by an unverified account, take an extra look at the account’s handle, and confirm via the party’s website that you are, in fact, accessing a tweet made by the legitimate Twitter account.
Remember, cryptocurrency is, in some ways, the new “Digital Wild West” – so, stay safe!