'Year of the Phish'? Socially-Engineered Attacks Populate Crypto in 2020

by Rachel McIntosh
  • Are socially-engineered attacks becoming more popular? And if so, what can be done?
'Year of the Phish'? Socially-Engineered Attacks Populate Crypto in 2020
FM
Join our Crypto Telegram channel

When it comes to cryptocurrency-related crime, every year seems to have its own particular ‘flavor’. 2018 was the year of massive exchange hacks (remember Coincheck?); 2019 was seasoned with an air of massive ponzi schemes (PlusToken, OneCoin) with a few scandals thrown in the mix (QuadrigaCX, anyone?)

So far in 2020, the most memorable crypto-related criminal moments seem to be taking a new shape. As cryptocurrency exchanges have continued to beef up their security measures, and global regulators and law enforcement are learning how to curb crypto crime, criminals are increasingly attacking from a new angle: socially-engineered cyber attacks.

Of course, these kinds of manipulative tactics have been a part of the cryptosphere since its inception: even outside the cryptosphere, cyberattacks that exploit human trust are as old as time (or at least as old as the internet). Phishing, stolen identity scams, and many other kinds of exploitative scams are, unfortunately, very popular.

So far this year, socially-engineered attacks appear to be playing an outsized role in crypto's scam landscape. Is 2020 crypto’s ‘Year of the Phish’?

2020's Most Prominent Crypto Scam So Far Was a Socially Engineered Attack on Twitter

After all, it certainly seems that the most memorable crypto-related cybercrime story of the year so far was based on multiple angles of trust exploitation.

On July 15th, the Twitter accounts of dozens of high-profile individuals across political and celebrity spheres tweeted out messages saying that they would double the amount of Bitcoin that was sent to their wallet addresses and send it back. This is called a 'Giveaway' scam.

Joe Biden's Twitter account was one of many that were compromised in the July attack.

Dozens, or even hundreds, of unsuspecting users, sent a total of more than $100,000 to the bitcoin addresses they believed to be associated with Barack Obama, Elon Musk, Joe Biden, and many others.

How did this happen?

Legend has it that a vampire cannot enter your house unless they are invited in. Sure enough, 17-year-old Graham Ivan Clark was able to access and post from the Twitter accounts in question because an unsuspecting Twitter employee accidentally handed him the keys to the kingdom.

Indeed, Clark’s attack was designed to manipulate and exploit human trust from beginning to end. He reportedly used phishing email tactics to convince a Twitter employee that he was a coworker in the company’s IT department. He then received the necessary credentials from the employee, allowing him to access Twitter’s ‘God mode.’

'Giveaway' Scams Are Not a New Thing for the Cryptocurrency Space

Graham Ivan Clark’s attack on Twitter may be the most famous crypto-related cyberattack this year. However, it is only one of many socially-engineered cyberattacks in crypto space.

In fact, just this week, attacks that closely resembled Clark’s attack on Twitter have rocked the world of Youtube.

Specifically, hackers appear to be systematically taking over prominent Youtube channels. The hackers then change the names of the channels, and then post videos urging viewers to send Bitcoin with the same promise that Clark offered victims on Twitter: that their coins would be doubled and sent back to them.

Business Insider reported that unlike the Twitter scams, the exploited Youtube accounts do not appear to have been compromised through a widespread security breach of Youtube’s internal operations. Rather, hackers appear to have only gotten ahold of the credentials for specific accounts they are interested in hacking.

The hackers also appeared to take advantage of the SpaceX landing that occurred last week as a means of getting more clicks on their videos: the names of the compromised channels were changed to terms like 'SpaceX' or 'Elon Musk' to exploit the increased interest in SpaceX’s collaboration with NASA.

Esports commentator Rod Breslau also pointed out that some of the channels’ live-streamed Bitcoin scam videos may have used ‘view-bots’: bots that artificially inflate the number of views that a channel has, to heighten their visibility.

Youtube Appears to Have An Ongoing Problem With Crypto Scam Videos and Accounts

Youtube’s crypto hack problem is not just limited to last week’s events.

In mid-July, Finance Magnates reported that a number of Youtube accounts were co-opting the identities of a number of prominent figures within the cryptosphere to make the same kinds of fraudulent promises: “send us your crypto, and we’ll double it and send it back.”

On July 12th, Charles Hoskinson, the founder of the Cardano (ADA) cryptocurrency network, posted publicly on Twitter about the scams: “it has come to my attention that a scam has been floating around using my conference keynote to promote a giveaway...this is a scam. Please report it to YouTube. We will take legal action if we can against those responsible.”

Around the same time, CoinDesk reported that a number of other fake videos and accounts had sprung up under the identities of, Ethereum founder Vitalik Buterin, Gemini founders Tyler and Cameron Winklevoss, and others.

Other than removing reported videos, it is still unclear what Youtube is doing to try and curb these scams. A Twitter user alleged that the fraudsters behind the fake Youtube videos “are also putting [their videos] in youtube ads which is insane.” He asked: “Is youtube ignoring this for revenue? How are they not vetting the ads?”

https://twitter.com/darko08/status/1282173830006546437

Finance Magnates reached out to Youtube, but did not immediately receive a response. Comments will be added as they are received.

Scammers Are Becoming 'More Professional and Dangerous'

In addition to co-opting the identities of individuals within the cryptocurrency sphere, hackers seem to be taking on the identities of platforms at an increasing level.

Specifically, Blockchain trading and analytics firm Whale Alert published a study in July with findings that crypto scammers are frequently building fake cryptocurrency exchanges.

Some of these fake exchanges may take on the appearance of existing, legitimate crypto exchanges, while others may set up shop on their own before disappearing with users’ funds. The fake exchanges are also a 'convenient' way for hackers to rack up large amounts of users’ personal data: identity records, credit card numbers, bank account information, and more.

In its report, Whale Alert commented that “the change in method and the increase in quality and scale suggests that entire professional teams are now behind some of the most successful” of these fake exchanges, and that “it is just a matter of time before they start using deepfakes, a technique that will surely revolutionize the scam market.”

On the whole, Whale Alert noted a trend in cryptocurrency fraud after the mid-July Twitter attack “the scale and the boldness of the attack confirm our fears that the scammers are becoming more professional and dangerous.

“What started with mostly bulk sent sextortion emails and malware has now evolved into fake enterprises offering round-the-clock ‘customer support’ with dozens of websites and thousands of fake social media accounts used for promotion.”

The Crypto Scam Industry May Soon Be Worth $50 Million Per Year

This apparent increase in professionally built, socially-engineered cyberattacks appears to also have dramatically increased the amount of money that hackers have managed to abscond with.

Indeed, Whale Alert’s report found that scammers’ BTC income appears to have surged throughout the first six months of this year.

Source: Whale Alert

“So far we have been able to confirm 38 million US dollars in bitcoin alone stolen by scammers over the past 4 years (excluding Ponzi schemes, which are a billion-dollar industry on their own),” the report said: “$24 million of which [were stolen] during the first 6 months of 2020.”

At the moment, Whale Alert seems to believe that this will only get worse “by the end of 2020, we predict [the crypto scam market] will have grown over twenty-fold since 2017 to an annual revenue of at least 50 million US dollars.”

Quashing the Growth of the Crypto Scam Industry

Can anything be done to stop the growth of the cryptocurrency scam market?

It seems that yes, falling victim to these kinds of scams is certainly preventable: the social media platforms that are being used to spread these scams are certainly taking action.

Twitter, for example, told users that “we’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.”

Other platforms, including Youtube, appear to have taken the approach of quickly responding and removing fraudulent cryptocurrency-related accounts and videos.

Additionally, regulators and law enforcement agencies around the world seem to be continuously learning and developing strategies for dealing with crypto-related fraud.

The Ultimate Responsibility for Cryptocurrency Safety May Lie With the Crypto Community as a Whole

However, Whale Alert alleges that the primary responsibility of fraud prevention at the moment lies with the cryptocurrency community.

For example, while crypto giveaway scams may appear to only affect the most gullible among us, legitimate blockchain and cryptocurrency platforms often hold legitimate crypto giveaways.

Therefore, “established blockchain companies play a big role in normalizing the idea of free money through giveaways and should be more thoughtful about what message they carry outwards and stop with these kinds of promotions altogether,” Whale Alert argues.

Additionally, crypto companies should use their power and presence to effectively communicate the risks of the fraudulent crypto world to their users, “as the gateway between fiat and Cryptocurrencies , exchanges especially should be actively educating newcomers on the dangers in blockchain and prevent them from sending anything to known or suspected scam addresses.”

When it comes to cryptocurrency-related crime, every year seems to have its own particular ‘flavor’. 2018 was the year of massive exchange hacks (remember Coincheck?); 2019 was seasoned with an air of massive ponzi schemes (PlusToken, OneCoin) with a few scandals thrown in the mix (QuadrigaCX, anyone?)

So far in 2020, the most memorable crypto-related criminal moments seem to be taking a new shape. As cryptocurrency exchanges have continued to beef up their security measures, and global regulators and law enforcement are learning how to curb crypto crime, criminals are increasingly attacking from a new angle: socially-engineered cyber attacks.

Of course, these kinds of manipulative tactics have been a part of the cryptosphere since its inception: even outside the cryptosphere, cyberattacks that exploit human trust are as old as time (or at least as old as the internet). Phishing, stolen identity scams, and many other kinds of exploitative scams are, unfortunately, very popular.

So far this year, socially-engineered attacks appear to be playing an outsized role in crypto's scam landscape. Is 2020 crypto’s ‘Year of the Phish’?

2020's Most Prominent Crypto Scam So Far Was a Socially Engineered Attack on Twitter

After all, it certainly seems that the most memorable crypto-related cybercrime story of the year so far was based on multiple angles of trust exploitation.

On July 15th, the Twitter accounts of dozens of high-profile individuals across political and celebrity spheres tweeted out messages saying that they would double the amount of Bitcoin that was sent to their wallet addresses and send it back. This is called a 'Giveaway' scam.

Joe Biden's Twitter account was one of many that were compromised in the July attack.

Dozens, or even hundreds, of unsuspecting users, sent a total of more than $100,000 to the bitcoin addresses they believed to be associated with Barack Obama, Elon Musk, Joe Biden, and many others.

How did this happen?

Legend has it that a vampire cannot enter your house unless they are invited in. Sure enough, 17-year-old Graham Ivan Clark was able to access and post from the Twitter accounts in question because an unsuspecting Twitter employee accidentally handed him the keys to the kingdom.

Indeed, Clark’s attack was designed to manipulate and exploit human trust from beginning to end. He reportedly used phishing email tactics to convince a Twitter employee that he was a coworker in the company’s IT department. He then received the necessary credentials from the employee, allowing him to access Twitter’s ‘God mode.’

'Giveaway' Scams Are Not a New Thing for the Cryptocurrency Space

Graham Ivan Clark’s attack on Twitter may be the most famous crypto-related cyberattack this year. However, it is only one of many socially-engineered cyberattacks in crypto space.

In fact, just this week, attacks that closely resembled Clark’s attack on Twitter have rocked the world of Youtube.

Specifically, hackers appear to be systematically taking over prominent Youtube channels. The hackers then change the names of the channels, and then post videos urging viewers to send Bitcoin with the same promise that Clark offered victims on Twitter: that their coins would be doubled and sent back to them.

Business Insider reported that unlike the Twitter scams, the exploited Youtube accounts do not appear to have been compromised through a widespread security breach of Youtube’s internal operations. Rather, hackers appear to have only gotten ahold of the credentials for specific accounts they are interested in hacking.

The hackers also appeared to take advantage of the SpaceX landing that occurred last week as a means of getting more clicks on their videos: the names of the compromised channels were changed to terms like 'SpaceX' or 'Elon Musk' to exploit the increased interest in SpaceX’s collaboration with NASA.

Esports commentator Rod Breslau also pointed out that some of the channels’ live-streamed Bitcoin scam videos may have used ‘view-bots’: bots that artificially inflate the number of views that a channel has, to heighten their visibility.

Youtube Appears to Have An Ongoing Problem With Crypto Scam Videos and Accounts

Youtube’s crypto hack problem is not just limited to last week’s events.

In mid-July, Finance Magnates reported that a number of Youtube accounts were co-opting the identities of a number of prominent figures within the cryptosphere to make the same kinds of fraudulent promises: “send us your crypto, and we’ll double it and send it back.”

On July 12th, Charles Hoskinson, the founder of the Cardano (ADA) cryptocurrency network, posted publicly on Twitter about the scams: “it has come to my attention that a scam has been floating around using my conference keynote to promote a giveaway...this is a scam. Please report it to YouTube. We will take legal action if we can against those responsible.”

Around the same time, CoinDesk reported that a number of other fake videos and accounts had sprung up under the identities of, Ethereum founder Vitalik Buterin, Gemini founders Tyler and Cameron Winklevoss, and others.

Other than removing reported videos, it is still unclear what Youtube is doing to try and curb these scams. A Twitter user alleged that the fraudsters behind the fake Youtube videos “are also putting [their videos] in youtube ads which is insane.” He asked: “Is youtube ignoring this for revenue? How are they not vetting the ads?”

https://twitter.com/darko08/status/1282173830006546437

Finance Magnates reached out to Youtube, but did not immediately receive a response. Comments will be added as they are received.

Scammers Are Becoming 'More Professional and Dangerous'

In addition to co-opting the identities of individuals within the cryptocurrency sphere, hackers seem to be taking on the identities of platforms at an increasing level.

Specifically, Blockchain trading and analytics firm Whale Alert published a study in July with findings that crypto scammers are frequently building fake cryptocurrency exchanges.

Some of these fake exchanges may take on the appearance of existing, legitimate crypto exchanges, while others may set up shop on their own before disappearing with users’ funds. The fake exchanges are also a 'convenient' way for hackers to rack up large amounts of users’ personal data: identity records, credit card numbers, bank account information, and more.

In its report, Whale Alert commented that “the change in method and the increase in quality and scale suggests that entire professional teams are now behind some of the most successful” of these fake exchanges, and that “it is just a matter of time before they start using deepfakes, a technique that will surely revolutionize the scam market.”

On the whole, Whale Alert noted a trend in cryptocurrency fraud after the mid-July Twitter attack “the scale and the boldness of the attack confirm our fears that the scammers are becoming more professional and dangerous.

“What started with mostly bulk sent sextortion emails and malware has now evolved into fake enterprises offering round-the-clock ‘customer support’ with dozens of websites and thousands of fake social media accounts used for promotion.”

The Crypto Scam Industry May Soon Be Worth $50 Million Per Year

This apparent increase in professionally built, socially-engineered cyberattacks appears to also have dramatically increased the amount of money that hackers have managed to abscond with.

Indeed, Whale Alert’s report found that scammers’ BTC income appears to have surged throughout the first six months of this year.

Source: Whale Alert

“So far we have been able to confirm 38 million US dollars in bitcoin alone stolen by scammers over the past 4 years (excluding Ponzi schemes, which are a billion-dollar industry on their own),” the report said: “$24 million of which [were stolen] during the first 6 months of 2020.”

At the moment, Whale Alert seems to believe that this will only get worse “by the end of 2020, we predict [the crypto scam market] will have grown over twenty-fold since 2017 to an annual revenue of at least 50 million US dollars.”

Quashing the Growth of the Crypto Scam Industry

Can anything be done to stop the growth of the cryptocurrency scam market?

It seems that yes, falling victim to these kinds of scams is certainly preventable: the social media platforms that are being used to spread these scams are certainly taking action.

Twitter, for example, told users that “we’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.”

Other platforms, including Youtube, appear to have taken the approach of quickly responding and removing fraudulent cryptocurrency-related accounts and videos.

Additionally, regulators and law enforcement agencies around the world seem to be continuously learning and developing strategies for dealing with crypto-related fraud.

The Ultimate Responsibility for Cryptocurrency Safety May Lie With the Crypto Community as a Whole

However, Whale Alert alleges that the primary responsibility of fraud prevention at the moment lies with the cryptocurrency community.

For example, while crypto giveaway scams may appear to only affect the most gullible among us, legitimate blockchain and cryptocurrency platforms often hold legitimate crypto giveaways.

Therefore, “established blockchain companies play a big role in normalizing the idea of free money through giveaways and should be more thoughtful about what message they carry outwards and stop with these kinds of promotions altogether,” Whale Alert argues.

Additionally, crypto companies should use their power and presence to effectively communicate the risks of the fraudulent crypto world to their users, “as the gateway between fiat and Cryptocurrencies , exchanges especially should be actively educating newcomers on the dangers in blockchain and prevent them from sending anything to known or suspected scam addresses.”

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}