New Twitter Scam Can Steal Money in Your Crypto Wallet, What Is It?

Kaspersky discovered a new crypto scam on Twitter (photo: Kaspersky)

JAKARTA - Kaspersky researchers have uncovered a recent spam campaign spreading via direct messages (DM) on Twitter and stealing cryptocurrency from affected users.

As one of the most popular social networks in the world, with nearly 400 million monthly active users, it's no wonder that Twitter has become a medium for fraudsters to carry out their actions.

In this case, the foreigner will ask for urgent help like, he has difficulty accessing his account on the cryptocurrency exchange, so he asks you to help withdraw some cryptocurrency from his wallet.

In the message, he specifies the domain to log into, username, password and the amount of cryptocurrency in his wallet, often in the hundreds of thousands of dollars.

Kaspersky experts suggest that, possibly, the stranger promised the victim a small amount of money in return for the assistance provided. However, this is just a trap to target as many users as possible.

By following the shared domain, the victim will end up on a site claiming to be an investment platform. After entering the given username and password, the user logs into the stranger's account, where the specified amount is indeed available.

To withdraw currency, victims are asked to provide their own wallet address, blockchain, and, surprisingly, an additional password. However the victim does not have this additional password.

As such, the platform offers victims a way to transfer funds directly within the system, by simply creating an account with VIP status for a small fee. After the victim registers and enters his crypto wallet data to pay for VIP status, the funds are stolen from his account.

“The above scheme is the first time we have come across, where an attacker pretends to be a fool on Twitter and enlists the help of a random user/victim to help them withdraw money from a cryptocurrency wallet to actually steal coins from the victim's account,” said Andrey Kovtun, security expert at Kaspersky from a statement received in Jakarta.

Andrey also added that you can tell this site is fake by the appearance of the site which looks suspicious where the pages are poorly laid out with an unattractive design, and the contact list only consists of e-mails, and not the name and photo of the creator of the platform site.