According to CryptoPotato, the SlowMist Security team has received numerous reports of theft and found that a significant portion of these thefts were facilitated by deceptive comments under tweets from well-known projects. Approximately 80% of comments under tweets from such projects were identified as phishing scam accounts. SlowMist also observed multiple Telegram groups engaged in the sale of Twitter accounts, offering some with varying follower counts, post numbers, and registration dates to cater to different buyer preferences. Most of the accounts sold in these groups were related to the crypto industry or belonged to influencers.
Dedicated websites specializing in the sale of Twitter accounts were discovered, featuring accounts from different years and offering options for purchasing accounts with usernames closely resembling legitimate ones. These websites commonly accept cryptocurrency payments. Upon acquiring existing accounts, phishing groups utilize promotional tools to enhance their credibility by purchasing followers and interactions. These tools, which also accept cryptocurrency payments, provide services like likes, shares, and follower boosts across major international social platforms. A platform catering to such services claimed to have processed over 1.3 million orders, with 20,000 individuals having utilized their offerings.
Armed with these resources, phishing groups proceed to mimic the information and appearance of legitimate projects, making it challenging for users to differentiate between authentic and fraudulent accounts. Automated bots track prominent projects’ activities, and phishing group bots quickly comment on project tweets to gain prime visibility. Users who mistake the posts for legitimate ones are more vulnerable and may click on phishing links promising airdrops from fake accounts, leading to inadvertent authorization of malicious transactions and financial losses. Countermeasures include the optimization of anti-phishing plugins, wallet signature verification and interaction safety features, and personal security consciousness.