Pantheon Books enjoys one of Twitter’s little blue badges that lets the public know it’s authentic. Around Nov. 5, the verified account appears to have been hacked and modified to look like the personal account of Elon Musk. Then a tweet claimed that Musk was giving away 10,000 bitcoins ($64 million) to people who deposited between 0.1 bitcoin ($640) and 2 bitcoin ($13,000) into a specific account.
Within hours, the QR code that “Musk” listed in the hijacked post had collected more than $150,000 in 326 transactions. The fraudulent cryptocurrency tweet from the @PantheonBooks handle has since been taken down, and Twitter said it was working to restore the account.
Scammers using Musk’s likeness to collect cryptocurrency on the internet is nothing new. In September, Musk asked the creator of Dogecoin, Jackson Palmer, to block spammers. After passing along some code to help do this, Palmer said he and Musk had discussed how Twitter and its CEO, Jack Dorsey, “should definitely automate and fix this problem on their end though. “
Recently, fraudsters have shifted tactics to hijacking verified accounts, and using promoted tweets to peddle their scams. These advertisements reach far more people than the would organically. While Twitter regularly culls fraudulent accounts from the service, organized fraud networks remain a problem.
At the Black Hat cybersecurity conference this August, computer researchers at Duo Security said an analysis (pdf) of 88 million Twitter accounts between May and July 2018 revealed a huge bot-net that was actively promoting cryptocurrency scams. It found that a network of 15,000 accounts was used to steal legitimate accounts, share fake links, and then amplify them by linking to them through other automated accounts.
Twitter said in June that it was ramping up its efforts to combat fraud. The company had identified and challenged more than 9.9 million “potentially spammy or automated accounts per week” the month before, and claimed it’s trying to ensure that even if scammy content is posted, it never reaches most viewers.
Twitter told Quartz that it’s been stepping up efforts specifically to root out cryptocurrency scams. “In recent weeks, impressions have fallen by a multiple of 10 as we continue to invest in more proactive tools to detect spammy and malicious activity,” spokeswoman Liz Kelley said via email. “This is a significant improvement on previous action rates…In most cases, our enforcement teams are detecting this activity and taking these down before they’re reported.”