Elon Musk Verified Twitter Giveaway: Difference between revisions
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/elonmuskverifiedtwittergiveaway.php}} thumb|TwitterOne way that people often use to determine the legitimacy of Twitter accounts is the verified "checkmark" next to the username. To exploit this, hackers managed to compromise accounts of Twitter users who had verified accounts. These accounts were either renamed to impersonate Elon Musk (keeping the checkmark) and post a...") |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/elonmuskverifiedtwittergiveaway.php}} | {{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/elonmuskverifiedtwittergiveaway.php}} | ||
{{Unattributed Citations}} | |||
[[File:Elonmuskscam.jpg|thumb|Twitter]]One way that people often use to determine the legitimacy of Twitter accounts is the verified "checkmark" next to the username. To exploit this, hackers managed to compromise accounts of Twitter users who had verified accounts. These accounts were either renamed to impersonate Elon Musk (keeping the checkmark) and post a "giveaway" scam, or made to tweet out comments indicating that they'd given funds and received back more from the "giveaway". The "giveaway" scam works by asking users to send funds to the attacker's address, with the promise they'll received more funds back. No funds are ever sent back and the attacker simply keeps the funds. | [[File:Elonmuskscam.jpg|thumb|Twitter]]One way that people often use to determine the legitimacy of Twitter accounts is the verified "checkmark" next to the username. To exploit this, hackers managed to compromise accounts of Twitter users who had verified accounts. These accounts were either renamed to impersonate Elon Musk (keeping the checkmark) and post a "giveaway" scam, or made to tweet out comments indicating that they'd given funds and received back more from the "giveaway". The "giveaway" scam works by asking users to send funds to the attacker's address, with the promise they'll received more funds back. No funds are ever sent back and the attacker simply keeps the funds. | ||
This is a global/international case not involving a specific country. | This is a global/international case not involving a specific country. | ||
<ref name="thenextweb-7372" /><ref name="thenextweb-7373" /><ref name="jeffjohnrobertstwitter-7374" /><ref name="owasp-7375" /><ref name="beebom-7376" /><ref name="fs0c131ytwitter-7377" /><ref name="fs0c131ytwitter-7378" /><ref name="fs0c131ytwitter-7379" /><ref name="jasontwitter-7380" /><ref name="thehackersnewstwitter-7381" /> | |||
== About Twitter == | == About Twitter == | ||
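Review bot: the ten `<ref name="..." />` tags added after "This is a global/international case not involving a specific country." all hang off that one sentence, so none of them supports a specific claim in the description above it. Move each ref next to the statement it backs (for example the OWASP credential stuffing source beside the sentence on how the verified accounts were compromised); once that is done the {{Unattributed Citations}} banner added in this same hunk can be dropped.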
| Line 77: | Line 79: | ||
Don't Include: | Don't Include: | ||
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | * Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | ||
* Anything that wasn't reasonably knowable at the time of the event. | * Anything that wasn't reasonably knowable at the time of the event. | ||
| Line 99: | Line 100: | ||
|- | |- | ||
|November 5th, 2018 6:57:00 AM | |November 5th, 2018 6:57:00 AM | ||
| | |Main Event | ||
| | |Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | ||
|- | |- | ||
| | | | ||
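Review bot: the Description cell added to the November 5th, 2018 row is the template prompt ("Expand this into a brief description of what happened and the impact...") rather than a description. Replace it with what happened at that timestamp, or leave the cell empty until it is written, so the timeline does not present instructions as an event.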
| Line 112: | Line 109: | ||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost | The total amount lost has been estimated at $180,000 USD. | ||
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | ||
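Review bot: "has been estimated at $180,000 USD" is added to Total Amount Lost without a reference, and the template prompt on the following line ("How much was lost and how was it calculated? ...") is left in place beneath it. Attach the source of the estimate, say what it covers, and remove the prompt once the section answers it.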
| Line 123: | Line 120: | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
There do not appear to have been any funds recovered in this case. | |||
What funds were recovered? What funds were reimbursed for those affected users? | What funds were recovered? What funds were reimbursed for those affected users? | ||
| Line 131: | Line 128: | ||
== Prevention Policies == | == Prevention Policies == | ||
Which policies could have prevented this event from happening? | |||
== References == | == References == | ||
[https://thenextweb.com/news/india-bitcoin-twitter-musk India’s national disaster authority hacked to promote Bitcoin scams] (Mar 15) | <references><ref name="thenextweb-7372">[https://thenextweb.com/news/india-bitcoin-twitter-musk India’s national disaster authority hacked to promote Bitcoin scams] (Mar 15, 2022)</ref> | ||
[https://thenextweb.com/news/cryptocurrency-twitter-scam-musk US and Israeli politicians hacked to promote 'Elon Musk' Bitcoin giveways] (Mar 15) | <ref name="thenextweb-7373">[https://thenextweb.com/news/cryptocurrency-twitter-scam-musk US and Israeli politicians hacked to promote 'Elon Musk' Bitcoin giveways] (Mar 15, 2022)</ref> | ||
[https://twitter.com/jeffjohnroberts/status/1059444648069025794 @jeffjohnroberts Twitter] (Mar 20) | <ref name="jeffjohnrobertstwitter-7374">[https://twitter.com/jeffjohnroberts/status/1059444648069025794 @jeffjohnroberts Twitter] (Mar 20, 2022)</ref> | ||
[https://www.owasp.org/index.php/Credential_stuffing https://www.owasp.org/index.php/Credential_stuffing] (Mar 21) | <ref name="owasp-7375">[https://www.owasp.org/index.php/Credential_stuffing https://www.owasp.org/index.php/Credential_stuffing] (Mar 21, 2022)</ref> | ||
[https://beebom.com/john-mcafee-twitter-hacked-cryptocurrency/ John McAfee Claims Twitter Account Hacked Despite 2-Factor Authentication | Beebom] (Mar 21) | <ref name="beebom-7376">[https://beebom.com/john-mcafee-twitter-hacked-cryptocurrency/ John McAfee Claims Twitter Account Hacked Despite 2-Factor Authentication | Beebom] (Mar 21, 2022)</ref> | ||
[https://twitter.com/fs0c131y/status/1062271075906674689 @fs0c131y Twitter] (Mar 21) | <ref name="fs0c131ytwitter-7377">[https://twitter.com/fs0c131y/status/1062271075906674689 @fs0c131y Twitter] (Mar 21, 2022)</ref> | ||
[https://twitter.com/fs0c131y/status/1062268631659229184 @fs0c131y Twitter] (Mar 21) | <ref name="fs0c131ytwitter-7378">[https://twitter.com/fs0c131y/status/1062268631659229184 @fs0c131y Twitter] (Mar 21, 2022)</ref> | ||
[https://twitter.com/fs0c131y/status/1062268628442202112 @fs0c131y Twitter] (Mar 21) | <ref name="fs0c131ytwitter-7379">[https://twitter.com/fs0c131y/status/1062268628442202112 @fs0c131y Twitter] (Mar 21, 2022)</ref> | ||
[https://twitter.com/Jason/status/1062034660966850560 @Jason Twitter] (Mar 21) | <ref name="jasontwitter-7380">[https://twitter.com/Jason/status/1062034660966850560 @Jason Twitter] (Mar 21, 2022)</ref> | ||
[https://twitter.com/thehackersnews/status/1059558333986861056 @thehackersnews Twitter] (Mar 21) | <ref name="thehackersnewstwitter-7381">[https://twitter.com/thehackersnews/status/1059558333986861056 @thehackersnews Twitter] (Mar 21, 2022)</ref></references> | ||
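Review bot: the dates completed to "Mar 15, 2022" through "Mar 21, 2022" in the new `<ref>` entries are later than the November 5th, 2018 event in the timeline, so they read as retrieval dates rather than publication dates; label them as such (for example "accessed Mar 15, 2022"). The three @fs0c131y entries also share one title and differ only by URL, so give each a short distinguishing description.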
Revision as of 01:48, 17 February 2023
One way people often judge the legitimacy of a Twitter account is the verified "checkmark" next to the username. To exploit this, hackers compromised the accounts of Twitter users who were verified. These accounts were either renamed to impersonate Elon Musk (keeping the checkmark) and used to post a "giveaway" scam, or made to tweet comments indicating that they had sent funds and received more back from the "giveaway". The "giveaway" scam works by asking users to send funds to the attacker's address, with the promise that they'll receive more funds back. No funds are ever sent back, and the attacker simply keeps them.
This is a global/international case not involving a specific country. [1][2][3][4][5][6][7][8][9][10]
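A defender-side triage of the pattern described above, as an added example that is not part of the original case study: it flags a protected display name on a different handle, the giveaway lure, the multiplied-return promise, the fake "sent and got back" testimonial, and a Bitcoin-address-shaped string. The record fields, the `PROTECTED_NAMES` table, the indicator labels and the sample records are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumption: display names the operator protects, mapped to the genuine handle.
PROTECTED_NAMES = {"elon musk": "elonmusk"}

# Shape of a legacy Base58 Bitcoin address (no checksum validation).
BTC_ADDRESS = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# "send ... BTC ... get/back": the promise of a multiplied return.
PROMISE = re.compile(
    r"\bsend\b.{0,60}?\b(?:btc|bitcoin)\b.{0,80}?\b(?:get|receive|back)\b", re.I | re.S)
# "sent ... BTC ... got ... back": the testimonial posted from hijacked accounts.
TESTIMONIAL = re.compile(
    r"\bsent\b.{0,30}?\bbtc\b.{0,30}?\b(?:got|received)\b.{0,30}?\bback\b", re.I | re.S)
GIVEAWAY = re.compile(r"\bgive-?away\b", re.I)
CHECKS = (("giveaway-lure", GIVEAWAY), ("multiplied-return-promise", PROMISE),
          ("paid-out-testimonial", TESTIMONIAL), ("payment-address", BTC_ADDRESS))


def fold(name):
    """Casefold, NFKC-normalise and collapse whitespace in a display name.
    NFKC folds compatibility forms such as full-width letters; it does not
    map cross-script look-alike characters."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())


def reasons_for(tweet):
    """Return the list of scam indicators present in one tweet record."""
    reasons = []
    genuine = PROTECTED_NAMES.get(fold(tweet["display_name"]))
    if genuine and tweet["handle"].casefold() != genuine:
        reasons.append("protected-name-on-other-handle")
        if tweet["verified"]:
            # The badge survived the rename, which is what lends the lure credibility.
            reasons.append("verified-account-renamed")
    reasons += [label for label, rx in CHECKS if rx.search(tweet["text"])]
    return reasons


def triage(tweets):
    """Map handle -> indicators for every tweet showing at least one."""
    flagged = {}
    for tweet in tweets:
        found = reasons_for(tweet)
        if found:
            flagged[tweet["handle"]] = found
    return flagged


# Constructed sample records; the handles and the address-shaped string are made up.
SAMPLE = [
    {"handle": "example_books", "display_name": "Elon  MUSK", "verified": True,
     "text": "I decided to make the biggest crypto-giveaway in the world!"},
    {"handle": "example_agency", "display_name": "Example Agency", "verified": True,
     "text": "I sent 0.30 BTC and got 6 BTC back"},
    {"handle": "example_reply", "display_name": "promo", "verified": False,
     "text": "Send from 0.1 to 3 BTC to " + "1" + "K" * 30 + " and get 1 to 30 BTC back!"},
    {"handle": "elonmusk", "display_name": "Elon Musk", "verified": True,
     "text": "Launch webcast is live"},
]

if __name__ == "__main__":
    for handle, found in triage(SAMPLE).items():
        print(handle, found)
```

The testimonial indicator matters on its own: a hijacked account that only replies "sent and got back" never uses the protected name, so a display-name check alone would miss it.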
About Twitter
"A widespread scam pretending to be from Elon Musk and utilizing a stream of hacked Twitter accounts and fake giveaway sites is being pulled off by attackers hacking into verified Twitter accounts and then changing the profile name to "Elon Musk". They then tweet out that he, being Elon, is creating the biggest crypto-giveaway of 10,000 bitcoins."
"Plunging value of bitcoin and other cryptocurrencies has not stopped scammers from impersonating famous personalities or taking over verified accounts on Twitter. These scams have been going on for months and are most evident with every tweet from Elon Musk, despite the social media company’s promise to curb them. Now the scammers are targeting verified accounts – those with the coveted blue tick – to spread the fraud."
"One of the most common methods of breaking into verified accounts is credential surfing in which previously leaked passwords are automatically used in multiple attempts to break through verified accounts. Twitter has urged users to use two-factor authentication in order to prevent such hacks."
"These scammers follow a set pattern and are pretty easy to spot. The sabotaged accounts usually solicit users to send small amounts of cryptocurrencies in exchange for a bigger reward as part of a giveaway. Twitter reportedly said that the platform has improved ways of handling these scams related to cryptocurrencies and is trying to curb their reach to people."
"I'm giving 10 000 Bitcoin (BTC) to all community! I left the post of director of Tesla, thank you for your support! I decided to make the biggest crypto-giveaway in the world, for all my readers who use Bitcoin. Participate in giveaway."
"Even worse, these posts are being promoted through Twitter advertising in order to give them wider visibility and to add legitimacy."
"The sites that these fake profiles are promoting include musk[.]plus, musk[.]fund, and spacex[.]plus, which state that all a user has to do is send .1 or 3 BTC to the listed address in order to get 1-30 times in bitcoins back."
"The cryptocurrency market is going through a rough patch, but this isn’t stopping scammers from duping people out of their funds."
"To verify your address, send from 0.1 to 3 BTC to the address below and get from 1 to 30 BTC back!"
"BONUS: Addresses with 0.30 BTC or more sent, gets additional +200% back!"
"Payment Address: You can send BTC to the following address."
"1KAGE12gtYVfizicQSDQmnPHYfA29bu8Da"
"Waiting for your payment..."
"As soon as we receive your transaction, the outgoing transaction will be processed to your address."
"[I]n a single day, these scammers have received 392 transactions to the bitcoin address 1KAGE12gtYVfizicQSDQmnPHYfA29bu8Da for a total of 28 bitcoins or approximately $180,000 USD."
"Some of the victims of the scam in the past few months include Israeli politician Rachel Azaria and Ben Allen, the state senator from California. National Disaster Management Authority (NDMA) of India also fell prey to these scammer robots." "To help perpetuate the scam, the attackers hacked into official government Twitter accounts such as the Ministry of Transportation of Colombia and the National Disaster Management Authority of India. These accounts were then used to promote the scam by stating that they sent bitcoins and received more coins back." "[A]ttackers [also] hijacked the official accounts of Europe’s second largest film company and popular fashion retailer Matalan."
"Disastrous! #Indian National Disaster Management Authority's verified twitter account has been hacked (along with a few other verified accounts), which is being used to aid #cryptocurrency scams pushed via verified account impersonating #ElonMusk.... very convincing."
"It’s worth pointing out that unlike other similar incidents, the hackers did not post any malicious links directly from the NDMA’s account; instead, they used the account to respond positively to malicious links posted from other accounts, perhaps in an effort to make them look more legit."
“I sent 0.30 BTC and got 6 BTC back,” one of NDMA’s tweets read. “Elon, you are the best person I have ever seen in my life,” another said, likely responding to one of the many fake Elon Musk accounts propagating malicious giveaway links.
"The cryptocurrency market is going through a rough patch, but this isn’t stopping scammers from duping people out of their funds. Hackers took over the official Twitter account of India’s National Disaster Management Authority (NDMA) to promote blatant Bitcoin giveaway scams – a trend that’s been plaguing social media for months now."
"The good thing is the NDMA social media team has since managed to reclaim control of its account. All malicious tweets have been wiped, but the NDMA has yet to address the mishap."
The scheme "earned scammers over 28 bitcoins or approximately $180,000 in a single day."
"To battle the issue, renowned French ethical hacker who goes by the alias Elliot Alderson created a bot to report cryptocurrency scammers on Twitter."
"When BleepingComputer contacted Twitter regarding this scam, we were given this statement by a Twitter spokesperson."
"We don’t comment on individual accounts for privacy and security reasons. Impersonating another individual to deceive users is a clear violation of the Twitter Rules. Twitter has also substantially improved how we tackle cryptocurrency scams on the platform. In recent weeks, user impressions have fallen by a multiple of 10 in recent weeks as we continue to invest in more proactive tools to detect spammy and malicious activity. This is a significant improvement on previous action rates."
"Last week, scammers pretended to be Tesla CEO Musk by sabotaging verified accounts of Matalan and Pantheon Books. This week, two more accounts that were targeted include those of a UK-based apparels brand Farah, and the Australia division of consulting firm Capgemini." "The account of Indian B2B marketplace IndiaMART could also be seen sending out these deceiving tweets. The company’s account was hacked and scammers managed to post a few bitcoin-related tweets before the account cleaned up the offending posts."
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| November 5th, 2018 6:57:00 AM | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Total Amount Lost
The total amount lost has been estimated at $180,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Prevention Policies
Which policies could have prevented this event from happening?
References
1. India’s national disaster authority hacked to promote Bitcoin scams (Mar 15, 2022)
2. US and Israeli politicians hacked to promote 'Elon Musk' Bitcoin giveways (Mar 15, 2022)
3. @jeffjohnroberts Twitter (Mar 20, 2022)
4. https://www.owasp.org/index.php/Credential_stuffing (Mar 21, 2022)
5. John McAfee Claims Twitter Account Hacked Despite 2-Factor Authentication | Beebom (Mar 21, 2022)
6. @fs0c131y Twitter (Mar 21, 2022)
7. @fs0c131y Twitter (Mar 21, 2022)
8. @fs0c131y Twitter (Mar 21, 2022)
9. @Jason Twitter (Mar 21, 2022)
10. @thehackersnews Twitter (Mar 21, 2022)