Scammers promote fake cryptocurrency giveaways via Twitter ads

Threat actors have started to use 'Promoted' tweets, otherwise known as Twitter ads, to spread cryptocurrency giveaway scams.

For some time, BleepingComputer has been reporting on scammers hacking into verified Twitter accounts to promote fake cryptocurrency giveaway scams. These scams pretend to be from well-known people or companies, such as Elon Musk, Tesla, Gemini Exchange, and, more recently, Chamath Palihapitiya, and Social Capital.

These scams have been incredibly successful for the threat actors, with one round of scams generating over $580,000 in a single week.

As these scams continue to generate revenue, the threat actors have also begun to target other cryptocurrencies that have recently become popular, such as Dogecoin.

Move over hacks. Hello, ads!

To promote their services and content, Twitter users can 'promote' an existing tweet by paying to have it shown to other users in their Twitter feeds.

This week, security researchers zseano, Jake, and MalwareHunterTeam have monitored a new trend used by the cryptocurrency scammers - taking out Twitter advertisements to promote their scams.

As you can see from the above images, both tweets are being promoted by Twitter and contain URLs to cryptocurrency giveaways.

When creating the tweets, the scammers break up the URL so that Twitter's ad fraud detection algorithms do not detect them.

Like the previous giveaway scams, these URLs lead to fake Medium pages pretending to be from Tesla, Social Capital, and Gemini Exchange that contain further links to the actual giveaway sites.

The giveaway sites' final landing pages are commonly Tesla, or Elon Musk-themed and contain a Bitcoin, Ethereum, or Dogecoin address that users are told to send coins. In return, the scammers state that the sender will receive double the amount that they sent.

From looking at only a few of the scams, the Bitcoin and Ethereum addresses used have generated a total of $39,628.06 so far.

Some of the cryptocurrency addresses used in these scams are listed below:

Ethereum:

• 0xc77Ec8E5bbB723e6cEa13fD33bfF53262bb02b86 - 0.118890894374483125 Ether
• 0xE1a6d4699Bd6520ADdEcD46b52dd2eFC833142ED - 0.915305158603885603 Ether

Bitcoin:

• 1MoP7JTQuJE8K9pv8mV9uwo5efCgRtLYNU - 0.02196955 BTC
• 1MUSK2xaUCQmdEM8DrUJQ9RSgTdLqnKium - 0.54653960 BTC
• 1Musk7UAHXM6YBtccdaqK7ttsRxSTUSDVH - 0.11815051 BTC

Unfortunately, the scammers currently use many more cryptocurrency addresses, so the amount generated is probably far more significant.