In an effort to steal innocent people’s money, scammers employ social media accounts that impersonate firms and figures within the cryptocurrency world. While criminals initially focused their efforts on impersonating major crypto-companies and crypto-celebrities, the trend has shifted this year, with younger firms impersonated regularly, often more frequently than their better-established counterparts. Twitter and Telegram seem to be the platforms of choice for many fraudsters; of course, however, impersonation occurs on other platforms as well.
In early 2018 we saw attempts to impersonate Charlie Lee, the founder of Litecoin; someone, for example, posted a response to a Tweet by the real Charlie Lee, whose verified Twitter handle is @SatoshiLite and who lists his name as “Charlie Lee [LTC]”, while using the same name and the nearly-identical handle, @SatoshiLitev (of course, the fraudulent handle is not verified). The response solicited donations – and contained a promise that Lee would repay people ten times the amount that they donated:
“I am donating 240 Litecoin to the LTC community. First 60 transactions with 0.4 LTC sent to the address below will each receive 4 LTC to the address the 0.4 LTC came from LdJsGa9NLzL7QkkLzEkMsn94UodEfZKLUz Claim your LTC now!”
Of course, @StaoshiLitev was not Charlie Lee, and the promise of repayment was worthless. Yet plenty of money was sent to the crook’s address – all of which was quickly sent elsewhere by the scammer.
Similarly, bogus accounts requesting small donations in return for future payments of much larger amounts were found early in the year impersonating the cryptocurrency, Ripple (which has the Twitter verified account @Ripple), as well as Ripple’s founder, Brad Garlinghouse (who uses the verified Twitter account, @bgarlinghouse), and the cryptocurrency, Ethereum (verified Twitter account @ethereumproject), and its founder, Vitalik Buterin (verified Twitter account @VitalikButerin).
As the year progressed, however, many smaller firms, and less known founders, experienced similar online impersonation – often during ICOs or right after a token became transferable. I have personally notified Twitter of many dozens of such accounts impersonating companies that I advise.
So, here are some guidelines to help you stay safe:
Do not follow instructions in any Tweet asking you to send cryptocurrency of any sort to any address.
Instead, as I discussed regarding cryptocurrency-targeted phishing attacks, always verify both the address to, and the reason for which, you plan to send payment for any cryptocurrency-related matter by comparing the two to the address and offer listed on the official website of the intended party. Also check that the address matches the one listed in any prior, known-to-be-legitimate correspondence from that party. Ideally, also confirm the address and offer by contacting the relevant party at a known valid contact address or phone number. If anything does not match perfectly – and by perfectly, I mean perfectly – or something seems amiss, proceed with caution, or do not proceed at all.
Additionally, consider that most major cryptocurrency issuers and figures have verified Twitter accounts – so, if you see that a post from a major cryptocurrency issuer or celebrity was made by an unverified account, take an extra look at the account’s handle, and confirm via the party’s website that you are, in fact, reading a post that was actually made by the party that appears to have made it.
One more interesting note – the majority of the scams that I have seen include some classic-scam-element of time pressure – either offering some special reward to the first X people to make a “donation,” or stating that an exclusive offer expires in just X hours. Creating a sense of urgency is a tactic that scammers have used since time immemorial – don’t fall prey.
Remember, cryptocurrency is, in some ways, the new “Digital Wild West” – so, stay safe!
(This is an updated version of an article that appeared on the Inc. Magazine website in January.)