Cybersecurity analyst Serpent has uncovered the most insidious crypto and non-fungible token (NFT) scams currently circulating on Twitter.
The analyst is the founder of Sentinel, an AI community system to defend against crypto threats.
In a 19-part thread on August 21, Serpent described how scammers maliciously target inexperienced crypto users using fake websites, URLs, accounts, hacked verified accounts, fake projects, fake airdrops and lots of malware.
Of particular concern, and particularly successful, are strategies built on crypto phishing and protocol hacks. Serpent explains that the so-called “Crypto Recovery Scam” is particularly popular among attackers. This scam targets people who have recently lost money in a hack:
“Simply put, they are trying to target people who have already been scammed and claim they can get their money back.”
According to Serpent, these scammers pose as blockchain developers and target users who have recently been victims of a large-scale hack or exploit. They ask the victims for a fee, supposedly to create a smart contract that will retrieve the stolen money. Of course, after the fee is paid, nothing happens and the attackers disappear from the scene.
Heidi Chakos, the operator of the YouTube channel Crypto Tips, warned the community to beware of scammers offering a purported way to recover stolen money.
In addition, newer vulnerabilities are also often used in scams. According to the analyst, an attacker using the so-called “Fake Revoke.Cash Scam” tries to direct users to a phishing website where they are warned that their crypto assets may be at risk. The sense of urgency is meant to get users to click on the fake link.
Another strategy uses “Unicode letters” to make a phishing URL look almost exactly like a real one: one of the letters in the URL is replaced with a look-alike Unicode character. Yet another strategy involves scammers hacking a verified Twitter account, then passing it off as an influencer and using it to promote fake mints or airdrops.
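A defensive check for the look-alike URL technique described above, as an added example that is not part of the original article or Serpent's thread. The function names, the `example.com` allowlist entry, the sample URL and the small confusables table are constructed for illustration:

```python
import unicodedata
from urllib.parse import urlsplit

# Small constructed subset of Cyrillic letters that resemble Latin ones.
# A real deployment would use the full Unicode confusables data (UTS #39).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s"}

def scripts(label):
    """Return the set of scripts (LATIN, CYRILLIC, ...) used by letters in a DNS label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(host):
    """Replace known look-alike characters with their ASCII counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def inspect_url(url, trusted):
    """Describe the homograph risk of a URL's hostname against a set of trusted hosts."""
    host = urlsplit(url).hostname or ""
    if "xn--" in host:
        # Link arrived in punycode form: decode it to inspect what a user would see.
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    try:
        ascii_form = host.encode("idna").decode("ascii")  # what DNS actually resolves
    except UnicodeError:
        ascii_form = None  # hostname is not a valid internationalized name
    mixed = [label for label in host.split(".") if len(scripts(label)) > 1]
    skel = skeleton(host)
    imitates = skel if (skel != host and skel in trusted) else None
    return {"host": host, "ascii_form": ascii_form,
            "non_ascii": not host.isascii(),
            "mixed_script_labels": mixed, "imitates": imitates}

if __name__ == "__main__":
    # Constructed sample: U+0430 (Cyrillic a) stands in for the Latin "a".
    report = inspect_url("https://ex\u0430mple.com/login", {"example.com"})
    for key, value in report.items():
        print(f"{key}: {value!r}")
```

Showing users the `ascii_form` (the `xn--` name) instead of the rendered hostname makes the substitution visible at a glance.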
There are other strategies aimed at users who want to get rich quick. Among them is the so-called “Uniswap Front Running Scam”, which often takes the form of spambot messages urging users to watch a video explaining how to “trade $1,400 a day front running on Uniswap”.
Then there is also the so-called “honeypot account” strategy, where users are allegedly given a “private key” that gives them access to a full wallet. However, when they send cryptocurrency to that wallet to fund the transfer of the coins, it is immediately forwarded to the scammers’ wallets by a bot.
Another scam strategy targets collectors of high-value NFTs. They are invited to a “beta test” of a new P2E game or project, or fake work is commissioned from NFT artists. In either case, this is just an excuse to send them malicious files that can steal browser cookies, passwords, and extension data.
Last week, a report by Chainalysis found that the amount of money lost to crypto scams has dropped by 65 percent so far in 2022. This is due to falling prices and the exit of inexperienced crypto users from the market. A total of $1.6 billion has been stolen through crypto fraud since the beginning of the year. That compares with $4.6 billion last year.