Technology
Finance
cybersecurity
Cryptocurrency
Crypto
Web3
Scams
Online Security
Internet Safety
Phishing Scams
Internet Scams
Crypto Scams
Web Safety
🚨 CURRENTLY RUNNING TWITTER SCAMS 🚨
In this thread I've compiled a list of the most popular currently running crypto/NFT scams on Twitter.
Here's how they work 🧵👇
In this thread I've compiled a list of the most popular currently running crypto/NFT scams on Twitter.
Here's how they work 🧵👇
🚩🚩 UNICODE LETTERS 🚩🚩
Scammers have started spoofing URLs using lookalike
unicode letters
In this case, they are changing the letter "i" to a lookalike character from a non-English alphabet
The URLs respectively resolve to:
• xn--premnt-s9a[.]xyz
• xn--premnt-zva[.]xyz
Scammers have started spoofing URLs using lookalike
unicode letters
In this case, they are changing the letter "i" to a lookalike character from a non-English alphabet
The URLs respectively resolve to:
• xn--premnt-s9a[.]xyz
• xn--premnt-zva[.]xyz
On the phishing website, you will be met with a replica site of @PREMINT_NFT
When you click "Login To Register", depending on your total NFT collection value and your wallet balance, it will send either a Seaport signature which will drain your NFTs or attempt to drain your ETH.
When you click "Login To Register", depending on your total NFT collection value and your wallet balance, it will send either a Seaport signature which will drain your NFTs or attempt to drain your ETH.
🚩🚩 FAKE REVOKE.CASH SCAM 🚩🚩
In the attached pictures, we can see scammers pretending to be OpenSea (second screenshot is a hacked verified account) attempting to induce a state of urgency and play off of your fears to trick you into visiting a phishing website.
In the attached pictures, we can see scammers pretending to be OpenSea (second screenshot is a hacked verified account) attempting to induce a state of urgency and play off of your fears to trick you into visiting a phishing website.
This scammer in particular botted the likes, retweets & replies to his tweets to make it look legit, then locked the tweet so no one else can reply.
They also use bots to mass DM people on twitter linking them the tweet, or mass mention people on the tweets.
They also use bots to mass DM people on twitter linking them the tweet, or mass mention people on the tweets.
🚩🚩 HONEYPOT ACCOUNT 🚩🚩
I'm sure we've all gotten this DM, and I'm sure many of you are wondering, how would they be able to scam you from this?
The wallet itself has the USDT in it, but it will not have the money for transaction fees to transfer the USDT out.
I'm sure we've all gotten this DM, and I'm sure many of you are wondering, how would they be able to scam you from this?
The wallet itself has the USDT in it, but it will not have the money for transaction fees to transfer the USDT out.
Once you send any amount of money, however small it may be, a bot will instantly transfer the money out of the account, and to the scammer's wallet.
🚩🚩 HACKED VERIFIED ACCOUNTS & FAKE MINT/AIRDROPS 🚩🚩
Commonly using hacked verified accounts, scammers will usually launch fake airdrops/mints, however they can get pretty creative.
In the first screenshot we can see a hacked verified account impersonating the CEO of OpenSea
Commonly using hacked verified accounts, scammers will usually launch fake airdrops/mints, however they can get pretty creative.
In the first screenshot we can see a hacked verified account impersonating the CEO of OpenSea
and posting a fake $SEA token airdrop. In the last screenshot, we can see a fake "BAYC animator" targeted at BAYC holders. They will just drain your wallet.
Don't blindly trust the verification symbol, it means nothing. Always double check usernames.
Don't blindly trust the verification symbol, it means nothing. Always double check usernames.
🚩🚩 FAKE P2E GAME/PROJECT 🚩🚩
Either by individually targeting high-value NFT collectors, or making it widespread, scammers are impersonating/creating Play-To-Earn projects and releasing a "beta version" which is filled with malware
They are also offering payment for reviews.
Either by individually targeting high-value NFT collectors, or making it widespread, scammers are impersonating/creating Play-To-Earn projects and releasing a "beta version" which is filled with malware
They are also offering payment for reviews.
After opening the files, we can see that the rar file contains real game libraries to make it look legit. The launcher, however, is infected and will steal your browser cookies and browser data (including extension data).
🚩🚩 FAKE ART COMMISSIONS 🚩🚩
This is an individualized attacked (predominantly targeting artists) commissioning fake work for an illegitimate company. Hidden in the files will be an extension spoofed Screen saver (.scr) file which is an executable file.
This is an individualized attacked (predominantly targeting artists) commissioning fake work for an illegitimate company. Hidden in the files will be an extension spoofed Screen saver (.scr) file which is an executable file.
The .scr file will scrape all of your cookies, passwords, extension data (including wallet data), etc.
This sort of scam is also being used to target influencers, sending fake art previews, etc.
More info on my other thread about this scam:
This sort of scam is also being used to target influencers, sending fake art previews, etc.
More info on my other thread about this scam:
🚩🚩 UNISWAP FRONTRUNNING SCAM 🚩🚩
You may have seen this being spammed in the replies of random tweets, but how does it actually work?
The link takes you to a video teaching you how to "make $1400/DAY front-running Uniswap"
You may have seen this being spammed in the replies of random tweets, but how does it actually work?
The link takes you to a video teaching you how to "make $1400/DAY front-running Uniswap"
In the video, they tell you the more you put in, the more you will make.
They will ask you to first fund the contract, then click "start". But let's look at how the start() and withdrawal() functions work.
They will ask you to first fund the contract, then click "start". But let's look at how the start() and withdrawal() functions work.
Once you call one of the functions, it will transfer all the funds in the contract to uniswapDepositAddress() which is called from another contract (by the scammer) from GitHub, which returns with the scammer's wallet address:
0x107Fafa6565F33d03cA4dFCDF686BA352Fa9283c
0x107Fafa6565F33d03cA4dFCDF686BA352Fa9283c
🚩🚩 CRYPTO RECOVERY SCAM 🚩🚩
I'm sure most of us have seen these bots in the reply of tweets containing certain keywords.
Simply put, they attempt to target people who have already been scammed, and claim they can recover the funds.
I'm sure most of us have seen these bots in the reply of tweets containing certain keywords.
Simply put, they attempt to target people who have already been scammed, and claim they can recover the funds.
They claim to be blockchain developers and say they need a fee to deploy a smart contract that will recover the stolen funds, which is of course not possible. They take the fee and run.
Congrats on making it to the end of the thread! 🥳
Stay safe, and feel free to share this thread around to others ❤️
Stay safe, and feel free to share this thread around to others ❤️
Loading suggestions...