Over the years, it has become a known fact for anyone dealing with cryptocurrencies that scams are running rampant. However, as more novice players enter the market, more scammers up their tactics to take advantage of unsuspecting Bitcoin enthusiasts with fake Bitcoin giveaways and other elaborate schemes.
Recently, a new bout of scammers has emerged with even more sophisticated and aggressive tactics. As evident through most reports, the scammers are taking advantage of popular social media platforms like YouTube and Twitter to capture their victims. For instance, on July 13 Charles Hoskinson who is the founder of Cardano warned about a YouTube account that has been promoting fake giveaways of Cardano (ADA).
Most recently a sizable attack targeting high profile twitter accounts has exposed the inherent security risks on major social media platforms. As Cointelegraph reported, potentially thousands of people got scammed out of their Bitcoin after several prominent and verified twitter accounts were hacked to promote a fake Bitcoin giveaway. The scammers managed to reach an estimated 350 million people making away with about $110,000 in a matter of hours.
In almost every twitter account belonging to a prominent individual, the audience was encouraged to send $1,000 in Bitcoin to a specified address to receive $2,000 as a free giveaway.
YouTube falls captive
Apart from Twitter, YouTube has also proven itself to be one of the favorite tools for scammers. According to a report published on July 10 by Whale Alert, one scam project that operated in June 2020, made away with more than $120,000 in a day by using a single-page website and YouTube advertising to lure unsuspecting victims.
Cardano’s CEO, Charles Hoskinson warned against scams promoting fake Cardano giveaways on YouTube. In a tweet, the founder of Cardano said that “a scam has been floating around using my conference keynote to promote a giveaway,” he added: “This is a scam. Please report it to YouTube. We will take legal action if we can against those responsible.” Although YouTube has since deleted the video, Hoskinson retweeted that there were still YouTube adverts promoting the scams.
Ripple’s CEO Brad Garlinghouse has also been targeted by impersonators who hack and rename YouTube channels as “XRP Giveaways” eventually fleecing millions from unwitting XRP holders. In response, Ripple has filed a lawsuit against YouTube for allegedly profiting from the actions of the scammers while having the ability to stop them.
In another case of scams on YouTube, a number of victims were lured into a pyramid scheme in early June after promises of a possible 200% payback for their bitcoin donation to a YouTube account named “SpaceX.”
According to reports, the scammer managed to get away with 15.3 BTC. Bleeping Computer reports that the scammers operate by hacking existing youtube channels, changing their channel name to SpaceX and publishing archived footage of Elon Musk (or any other public figure) to make it look like Musk’s archived speeches are live.
While the legitimate SpaceX channel has over 4 million subscribers, two of the channels hijacked by the scammers had 130,000 subscribers and 230,000 subscribers thereby giving the viewers the appearance of a legitimate following. Each of the fake SpaceX channels asked its viewers to send bitcoin to a specified address.
To further promote the fake youtube live streams to a wider audience the scammers used bots to scale up the number of viewers on the live streams thus giving an impression to the YouTube algorithm of a viral video.
With a combination of socially engineered tricks and boosted viewership from bots, the scammers managed to get their videos on top of youtube searches especially for keywords related to prominent individuals like Jack Ma and Elon Musk. Even though YouTube has since responded by taking down hacked channels that promoted the scams.
Whale Alert reports that giveaway scams find it easy to use the identities of celebrities to lure large audiences with the help of tools such as YouTube advertising. An affiliated service Scam Alert has reported that since the start of the year, the outfit reports that more than 20 million in Bitcoin has been stolen.
The Scam Market is evolving
As it seems, scammers are using increasingly aggressive tactics in the form of fake companies with dozens of websites and fake social media accounts to promote their schemes. Dominik Scheiner, the co-founder of the IOTA foundation told Cointelegraph: “These Crypto Scams on social media have become a lot more sophisticated and aggressive over the last few months. The fact that they are continuing, clearly shows that these scams are working.”
True to Schiener’s concerns, Whale Alert reports that prominent Giveaway scams that feature celebrities like Elon Musk as well popular exchanges can net upwards of $300,000 US dollars. As scammers increasingly change their methods by using professional teams to increase the quality of their attacks, experts warn that it is just a matter of time before ‘deep fake’ techniques are introduced to the scam market.
Last year, Jack Dorsey’s account was hacked amid assurances from Twitter that the flaw was fixed. The recent bout of attacks, however, reveals that there are still many vulnerabilities on the platform. As to the reason why Twitter and YouTube are attractive tools for scammers, Schiener believes it’s due to their popularity:
“A comment on a popular tweet or YouTube video might be seen by thousands of people, making it easier to succeed with these scams. Also, nearly all social media platforms today lack better moderation tools and policies.”
According to Schiener popular social media platforms cannot get rid of fake or harmful content and unless these platforms implement “better content moderation tools, these scams will only increase and further evolve.”
Alternative solutions?
With the U.S. presidential elections fast approaching, tight security measures on all major social media platforms are needed more than ever. Schiener mentioned that the recent bout of scams showcased that digital identities with verifiable credentials based on a distributed chain are a real way to fight back. With a DLT identity and verification system, Schiener explains that it is impossible to “impersonate another person’s identity or fake a credential” as the data is immutable and verifiable using KYC systems.
The notion of self-sovereign identity and verification systems are designed to give the user control over their information. Self-sovereign identity offers a solution to standard identity verification systems that cluster a user’s information on central servers creating massive vulnerabilities. However, by placing self-sovereign identity and verification systems on a DLT, centralized, external and third-party control is removed thereby reducing the risk of widespread data breaches.
Despite the optimism around the transformative potential of DLT based identity verification systems, experts reveal that less than 10% of apps are expected to take on DLT solutions by 2023. Even though there are existing solutions and the sector has an estimated yearly growth of 35%, adoption is still slow. Some of the immediate solutions that social media platforms such as Youtube can adopt for now include, training its users on the platforms security risks. Also, YouTube can continuously monitor accounts on its platform to identify and stop any suspicious activity.
Scams revealing a rise in retail investors
The recent bout of hacks on YouTube has obviously eroded the trust of its users on the platform’s security. However, beyond the loss of trust, YouTube will likely face legal consequences given that the EU’s General Data Protection Regulation (GDPR) requires companies of its caliber to have top-notch security levels. In the past, other social media sites such as Facebook have also been called to attention to tighten their security and community management tools.
Already, YouTube is facing a lawsuit from Ripple’s CEO Brad Garlinghouse and the company’s attorneys for its failure to stop scammers and impersonators while benefiting from adverts that promote scams. So far, YouTube has responded that it is not liable for crypto scams perpetrated by third parties.
As the crypto scam market grows, its impact on people’s lives is increasingly becoming substantial. For most crypto and blockchain enthusiasts, scams have been their first introduction to the industry as the unregulated nature of the sector leaves room for scammers to go about unchecked.
Schiener suggests that the pandemic might have had a hand in giving rise to cybercrime in general as lockdowns around the world left many people out of work: “This meant that they had to work from less secure work environments and generally spend more time online. This gave scammers an obvious opportunity to increase their efforts.”
Additionally, Schiener opines that the rise in crypto scams could also be a signal indicating a rise in retail investors joining the crypto sphere. He adds, “Since many of these new investors are more novice, it’s much easier to trick them into a giveaway or more elaborate phishing schemes.”