Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages that drain wallets in an ongoing campaign on X (formerly Twitter).
To lure potential victims, the scammers use the story of a breach at major cryptocurrency exchange platforms as bait. The scenario urges users to act swiftly to safeguard their digital assets from potential theft.
The scammers impersonate accounts on X belonging to blockchain analytics or crypto fraud investigation firms and researchers, like CertiK, ZachXBT, and Scam Sniffer, to promote fabricated security breaches on Uniswap and Opensea.
To impersonate the legitimate accounts, the threat actors created new X accounts with similar account names. For example, ZachXBT has the account @zachxbt, while the threat actors created and tweeted from @zacheryxbt.
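The lookalike-handle pattern described above can be triaged automatically. The following is an added example, not code from the article or from any of the named firms: the watchlist uses names from the article lowercased (an assumption, not verified X handles), and the candidate handles other than @zacheryxbt and the thresholds are constructed for illustration.

```python
# Names from the article, lowercased; treated as protected handles (assumption).
PROTECTED = ["zachxbt", "certik", "scamsniffer"]
# Constructed map of digit-for-letter swaps; "_" is dropped as a separator.
CONFUSABLES = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s", "_": None})

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def is_subsequence(short, long):
    """True if every character of short appears in long, in order."""
    it = iter(long)
    return all(ch in it for ch in short)

def classify(candidate):
    """Return (protected_name, reason) for a lookalike handle, else None."""
    raw = candidate.lstrip("@").lower()
    norm = raw.translate(CONFUSABLES)
    for name in PROTECTED:
        if raw == name:
            return None  # the genuine handle itself
        if norm == name:
            return (name, "confusable or separator characters")
        d = osa_distance(norm, name)
        if d <= 2:
            return (name, f"edit distance {d}")
        if name in norm:
            return (name, "protected name with added text")
        # Catches padding inside the name, e.g. zach + ery + xbt.
        if len(norm) - len(name) <= 4 and is_subsequence(name, norm):
            return (name, "protected name with inserted characters")
    return None

def triage(handles):
    """Keep only the handles that resemble a protected name."""
    return {h: r for h in handles if (r := classify(h)) is not None}

if __name__ == "__main__":
    # Constructed sample, except @zacheryxbt and @zachxbt from the article.
    sample = ["@zachxbt", "@zacheryxbt", "@Cert1K", "@zachbxt",
              "@scamsniffer_alerts", "@examplewallet"]
    for handle, (name, reason) in triage(sample).items():
        print(f"{handle}: resembles {name} ({reason})")
```

A hit is a prompt for manual review of the account, not proof of impersonation; short protected names will produce more false positives at a distance threshold of 2.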
Many legitimate X users fell for the trick and shared the scam on their accounts, some with hundreds of thousands of followers, without double-checking the validity of the claims.
One example is a tweet from malware analysis platform vx-underground, whose admins mistakenly assumed the information came from a trustworthy account. In a tweet, VX-Underground clarifies how they fell for the trick.
The scale of the campaign is also notable, with bot accounts promoting hashtags like #UniswapExploit to the point that they reached the top trending topics in the U.S. on X.
ZachXBT, one of the accounts impersonated in this scam, told BleepingComputer that the first time he saw this threat group utilizing this tactic was on November 9th.
This was when Hayden Adams, the developer of Uniswap's web application interface, warned the cryptocurrency community of the scam, clarifying that there was no Uniswap exploit leveraged in the wild and that tweets about this came from fake X accounts impersonating ZachXBT, Certik, and other well-known users in the cryptocurrency community.
Operation details
The scammers impersonate accounts on X belonging to blockchain analytics and investigation firms or users, like CertiK, ZachXBT, and Scam Sniffer, to promote a fabricated security breach on Uniswap or Opensea.
The scenario alleges that hackers exploited a signature verification vulnerability in those protocols and exchanges to steal tokens.
The fake posts advise users to revoke the permissions as soon as possible to prevent losing their assets by following a link to a malicious website at 'revoketokens[.]io' or 'revokea[.]sh', both of which are still online at the time of writing.
Once visitors click on the ‘Revoke Approvals’ button and connect their wallet, the scam drains their funds, which is an irreversible process.
After publication of this article, ZachXBT said that the threat actors have successfully stolen over $305k in cryptocurrency as part of this ongoing scam.
Zach said that the cryptocurrency stolen from victims in this attack is stored in the following Ethereum addresses:
- 0x85a5b2968fae4e7f60f14e3bfc2ebda67050740f
- 0xe91fa37c3c5cf801cc8c6cd25a4d2399b3fba4e8
Impersonation risk
Impersonating the ‘good guys’ is a powerful deception trick capable of increasing the success rate of the scam.
In July 2022, phishing actors were seen impersonating cybersecurity companies to gain initial access to corporate networks.
In June 2023, hackers created fake accounts on GitHub that impersonated existing cybersecurity researchers, even linking to fake X accounts for added legitimacy.
The repositories contained malware downloaders disguised as proof-of-concept (PoC) exploits for popular software.
There’s no precaution more effective than double-checking that an account is authentic and that its claims accurately represent the truth. Because even legitimate accounts can be compromised to propagate scams, users should verify the claims from official sources.
Finally, never connect your wallet to dubious or unofficial platforms, and avoid signing smart contracts you don’t fully understand.
If you’re overly worried about the likelihood of losing your digital assets to hacks and breaches, consider moving them to a cold wallet.
Comments
Lethabo - 6 months ago
Hello everyone.
My name's Lethabo and I am one of many fraud victims of usi-tech from South Africa.
What do I think about compliance at all?
That's sure a nice approach as long as it's adhered to.
At usi-tech the job of legal chief was held by Mike Kiefer.
Tragically, he was shot dead in a shootout with a rival gang of usi-tech in Thailand. Unfortunately.
I feel sorry for him, but nevertheless he, along with Horst Jicha and Ralf Gold, robbed me of my savings.
Now this case is brought back to the court in Brazil.
Ralf Gold has reportedly already been arrested by police in Brazil.
Now all that's missing is CEO Horst Jicha.
There is no trace of him.
Some wrote that Horst Jicha is staying with his daughter Celine Jicha in Germany?
But is that true? Nevertheless.
Hopefully some money will come back to Africa after this criminal gang is convicted.
We are not the richest and compliance or not, we have our bills to pay.
Maybe someone here can help us catch this Horst Jicha or has some information about his daughter Celine Jicha?
There should be a way to get this done.
Thanks for the comments to come.
piotrfelippe - 5 months ago
It's similar on Facebook. This is some plague of scams. On Facebook, fraudsters advertise fictitious earning platforms or pretend to help those they have cheated on.
You can report such fake sites on Google Phishing Report:
https://safebrowsing.google.com/safebrowsing/report_phish/
Lethabo - 5 months ago
Nowadays all over the world and literally everywhere we hear about gigantic sentencings for all these crypto criminals.
It has now become a kind of witch hunt with courts outdoing themselves when it comes to the number of years in jail as if it were some kind of Olympic games, or something.
Apparently 110 years are not enough for Sam Bankman-Fried. Hmmm
No no. That's now 11,196 years in prison.
That's not the point! Not at all!
Instead of thinking about how much punishment each fraudster should get courts should be more concerned with ensuring that defrauded investors finally get their dollars back.
What good does it do to me if Ralf Gold or Horst Jicha get 11,196 years in Calaboose?
Nothing at all! Will I get my investment back, no!
So instead of focusing on revenge, our group does things differently and tries to find out where our fortune has gone.
And through our constant contributions we try to activate others in the hope that they can read it and help us get it done.
Through our investigations we were able to find a new spot in the playground of our criminals.
For example we found out that usi-tech CEO Horst Jicha place at Celine Jicha is no longer valid.
He is still hiding in his country but not with his daughter Celine Jicha but with the usi-tech №2, Gold.
That's the spot: Hahnenbergstrasse 8, D-73434
For those affected who would like to support us in our research we refer you to our most wanted, special dedicated page: www.scammer-ralf-gold.com
Thanks for the comments to come.
Your Lethabo People