Cryptocurrency Scams Have Plagued Twitter for Years

A Bitcoin scam in which the Twitter accounts for Joe Biden, Elon Musk, Apple, and more began soliciting bitcoins from people on Wednesday was so massive that Twitter temporarily limited the functionality of all verified accounts on the platform, but in many ways, it was nothing new.

This isn’t the first time a widespread cryptocurrency scam has plagued Twitter; in fact, scams involving impersonation and even hacking verified accounts have run rampant on the social media platform for years. Yesterday’s hack was by far one of the largest incidents to date, but followed a playbook similar to Twitter-based Bitcoin scams of the recent past.

In 2018, for example, there was a rash of cryptocurrency scams flooding the platform. Sometimes, these involved simple impersonation: a scammer (or bot) would reply to an authentic tweet from a famous person using an account that looks similar to the legitimate one, and ask people to send bitcoins as part of a giveaway. This escalated into hacking, and there was a persistent trend of criminals hijacking verified (but not necessarily famous) Twitter accounts in order to change the display name and avatar to appear as if the account belonged to someone famous and solicit bitcoins. Musk, who was hit in Thursday’s campaign, was a popular subject for these scams.

It wasn’t always Musk, however. For example, the verified account of a Channel 4 correspondent was hijacked in 2018 and made to look like it belonged to Russian entrepreneur Pavel Durov to solicit cryptocurrency.

One outspoken person in cryptocurrency and frequent subject of impersonation scams at this time, Ethereum co-founder Vitalik Buterin, tweeted in early 2018 that “Whack a mole to stop scam accts is NOT working” and Twitter needs a better system.

Sometimes, these scams worked like the scam we saw yesterday. In 2018, the Twitter accounts for Google G-Suite and Target were hacked to promote a cryptocurrency scam.

These scams continued, and Twitter was fully aware of them. As users complained and even described the scams in terms of being an “existential risk” to Twitter, the company promised to stamp them out; first by removing offending accounts, and then by updating its reporting process for financial scams in 2019.

Still, the scams didn’t stop. Musk himself felt compelled to comment on the issue as recently as February of this year, when he tweeted, “The crypto scam level on Twitter is reaching new levels. This is not cool.”

And it’s not always cryptocurrency that hackers are using to scam people on Twitter, either. As we reported in March, hackers have even taken over Twitter accounts to advertise websites that claim to sell facemasks and toilet paper during the coronavirus pandemic.

These hacks were most likely carried out by different groups using a variety of means, but given that these types of scams have now escalated to the point of affecting the Democratic candidate for president of the U.S., it raises the question of what Twitter can do to finally stop them.

When asked by Motherboard in an email what efforts Twitter has taken—either before or after yesterday’s hack—to prevent these scams and hacks from happening, a spokesperson from Twitter said the investigation was ongoing and additional information would be shared on Twitter @TwitterSupport.

In a tweet made from @TwitterSupport yesterday, the company said, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”

They also tweeted they had “taken significant steps to limit access to internal systems and tools while our investigation is ongoing.” Currently, people who tried to change their Twitter passwords after the hack on Wednesday are still locked out.

One obvious change for Twitter would be to tighten up who has access to backend “god mode” tools, since they allow for such a high level of access. Making two-factor authentication a mandatory security measure could be another step Twitter takes to prevent these hacks from happening.

Now that the simmering issue of hijacking verified accounts to promote cryptocurrency scams is a full-blown crisis, maybe the company will finally act.