The 19-part thread details the sophisticated strategies scammers use to rob cryptocurrency users of their funds.
Cybersecurity analyst Serpent spoke about his penchant for the most insidious cryptocurrency and non-fungible token (NFT) scams currently active on Twitter.
The analyst, who has 253,400 followers on Twitter, is the founder of the artificial intelligence and crypto threat mitigation system Sentinel.
In a 19-part thread published on Aug. 21, Serpent outlined how scammers target novice cryptocurrency users using knockoff websites, URLs, accounts, hacked verified accounts, fake projects, fake airdrops, and a variety of malware.
One of the more worrying strategies comes amid the recent spate of crypto phishing and protocol breaches. The snake explains that the cryptocurrency recovery scam is used by attackers to trick those who recently lost money in a widespread hack by saying:
“To put it simply, they are trying to target people who have already been scammed and claim they can get the money back.”
According to Serpent, these scammers, posing as blockchain developers, are looking for users who have recently fallen victim to a large-scale hack or exploit and demand that they pay them to provide a smart contract that can return their stolen funds. Instead, they “take their wages and run.”
This was seen in action after a multi-million dollar exploit that affected Solana wallets earlier this month, when Heidi Chakos, host of YouTube channel Crypto Tips, warned the community to beware of scammers using a Offer hack solution.
Another strategy also uses current exploits. According to the analyst, Fake Revoke.Cash Scam tricks users into visiting a phishing website and warns them that their crypto assets may be at risk by using an “urgent condition” to trick users into clicking a malicious one to click link.
Source: @Serpent on Twitter
Another strategy uses Unicode letters to make a phishing URL look almost like a real one, but replaces one of the letters with a Unicode equivalent. Meanwhile, another strategy is for scammers to hack into a verified Twitter account, which is then rebranded and used to impersonate someone powerful in order to fake mints or airdrops.
The rest of the scams are aimed at users looking to get rich quick. These include the Uniswap pre-emption scam, which is often seen as a spam bot message encouraging users to watch a video explaining how to “make $1,400 a day pre Uniswap,” which they do instead tricked into sending their money to a wallet scammer.
Another strategy is known as a honeypot account, where users are said to be given a private key to gain access to a downloaded wallet. But when they try to send cryptocurrency to fund the transfer of coins, they are immediately sent to scammers’ wallets through the bot.
Other tactics include asking large NFT collectors to “beta test” a new game or Play to Earn (P2E) project, or outsourcing fake work to NFT artists. But in both cases, the trick is just an excuse to send them malicious files that can delete cookies, passwords, and browser extension data.
See Also: Aurora Labs CEO Describes the ‘Exciting and Insidious’ Crypto Scam He Almost Became Involved In
Last week, a Chainalysis report found that cryptocurrency scam revenue fell by 65% in 2022, due to falling asset prices and the exit of inexperienced cryptocurrency users from the market. Total year-to-date cryptocurrency fraud revenues are currently $1.6 billion, up from approximately $4.6 billion last year.