24 July 2020
Bitcoin Doubler Scam Tweeted from Hacked High-Profile Twitter Accounts
On July 15, a Bitcoin Doubler scam was promoted from numerous Twitter accounts of public figures, high-profile cryptocurrency exchanges and various "trusted" entities which were all taken over by hackers.
Among the hacked Twitter accounts were Binance, including its CEO Changpeng Zhao, CoinDesk, Coinbase, KuCoin, Tron Founder Justin Sun, AngeloBTC, and Gemini. The compromised Twitter accounts were most likely taken over by the same entity. The scam was simple enough, as each breached account posted or retweeted the same post:
“We have partnered with CryptoForHealth and are giving back 5000 BTC to the community.
See more here : http://cryptoforhealth.com”
The tweets have been removed and cryptoforhealth.com has been taken down.
The scam consisted of the website claiming to run a 5,000 BTC giveaway under the condition that the target sends 0.1 BTC to 20 BTC to the contributor address, after which CryptoForHealth would double the amount and send it back. This is a typical Bitcoin Doubler scam: no BTC is ever sent back, and the target loses all the BTC they sent. The address the scammers posted is bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh.
After the first Tweets and reposts of the scam, other breached high-profile accounts such as Barack Obama, Joe Biden, Elon Musk, Jeff Bezos, and Uber started referencing the Bitcoin Doubler Scam directly and, instead of redirecting the victims to a website, included the BTC deposit address. Subsequently, the amount of Bitcoin in the scammer address skyrocketed.
The full list of addresses can be found below.
The majority of bitcoin went to bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh. This address received 12.86204920 BTC and sent only 0.00859729 BTC since 6:30 pm PST. bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh, about $125,000 USD total from over 430 victims:
- 1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF (7.40 BTC)
- bc1qjjcc4ylp9yfn04m34wzlscp5q2rpyu89rmqslf (4.29 BTC)
- bc1q5w26m2g5ja4jzplpj7p93enf6r4yjcnc5yea6s (0.76 BTC)
- bc1q6l86kvwg4kr75w5ac9j30dn8363kcr8rde35dn (0.54 BTC)
- bc1q4089hk7vu47qlwcf4tjthwgw8l7yz72hpkg3k4 (0.54 BTC)
The scammer (or scammers) has not attempted to move the procured funds to any cryptocurrency exchanges or other fiat off-ramps as of yet.
What caused the Twitter Breach?
Twitter stated that the likely cause of the breach was “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” Twitter is investigating what information hackers may have accessed or other malicious activities they may have conducted. According to Twitter, significant steps have been taken to limit access to internal systems while the investigation continues, and Twitter will be updating the public on the situation.
Crypto Users Getting Harder To Scam
Fooling users by using high-profile Twitter accounts was undoubtedly well thought out; however, the scammed amount was extremely small when the vast reach of the compromised accounts is taken into consideration. This might be an indication that the industry has taught its users well, as proper AML practices at exchanges prevented new users from sending their coins to the scammers at the peak of the scam. Crypto users are certainly becoming more informed and careful when it comes to such common crypto scams.
Since it is nearly impossible to open an account at a somewhat reputable exchange and deposit and transfer funds in a single day, even through ACH transfers, it is more likely that most victims of the scam already had accounts open at crypto exchanges. Other exchanges with more lax user policies, where accounts could be opened more quickly, would typically request fiat deposits by wire, not ACH. The new accounts would be unable to trade crypto until the wires clear, or up to 3 days. It is likely that such practices prevented the hacker(s) from scamming people who were not already in possession of any cryptocurrency or maintaining exchange accounts.
The hacker(s) actually received a very limited amount of funds, despite compromising trusted and high-profile crypto-related and celebrity Twitter accounts, which also signifies that such known and common scams are easily recognized by an average crypto user. Criminals often propagate Bitcoin Doubler scams over social media. Using trusted crypto, fintech, political and other high-profile Twitter accounts is quite a novelty, but the majority of users just wouldn't fall for the trick. The toll this elaborate scam took was $125,000 USD from over 430 victims, with high-profile, non-crypto-related compromised accounts being the key catalyst. The users who did fall for the scam were most likely much less familiar with crypto scams of a similar nature.
List of Hacked Accounts
Crypto Related Accounts:
- Charlie Lee
- Justin Sun
- Barack Obama
- Benjamin Netanyahu
- Bill Gates
- Elon Musk
- Jeff Bezos
- Joe Biden
- Kanye West
- Kim Kardashian West
- Mike Bloomberg
- Twitter Support