back to top

Twitter Is Still Allowing Scammers To Hijack Verified Accounts To Take People’s Money

Unlike past versions of Twitter cryptocurrency phishing, @TronFoundationl is different: It has a verification badge, the blue check mark that Twitter uses to delineate famous or important accounts from imposters.

Originally posted on
Updated on

These types of scam accounts imitate real accounts and ask followers to send them bitcoin or ether. Often, these scammers promise those that send digital currency that they’ll receive as a reward four or five times the amount of money they put in.

Fortunately, these scammers are usually easy to spot: their usernames have extra letters or symbols, and the accounts were only recently created.

But unlike past Twitter cryptocurrency phishing schemes, TronFoundationl is different: It has a verification badge, which is the a blue check mark that Twitter uses to delineate famous or important accounts from imposters.

Some online have noticed as well.

Apparently somehow this fake acct got verified by @Twitter @TwitterSupport Seems like Twitter doesn’t care except t…


TronFoundationl’s verification hijacking marks the latest in innovation in cryptocurrency scamming. Since the account is legitimately verified by Twitter, it's much more likely to be trusted than other scams, making people more susceptible to falling for its donation ploys.

Adding to the confusion, the FAKE Tron account has perfectly copied the REAL Tron's pinned tweet, which warns users to look out for imposter accounts. The result is an online scam inception of sorts — where the FAKE account is warning users to watch out for fake accounts.

Geoff Golberg, a Twitter user who frequently calls out bot and scam accounts, was one of the first to spot the Tron fake. "I saw it was a verified account so immediately was intrigued. To me, it was clear it was a scam, given that I have been encountering these for quite some time," he told BuzzFeed News. "But to others, given the verified account, I could totally see people falling for it."

And it appears people are falling for the scam. Here's an example of @TronFoundationl replying to a tweet by Justin Sun, the real founder of Tron on Friday afternoon.

In its reply, the FAKE Tron account links to its cryptocurrency wallet address and solicits donations. The blue checkmark sits besides the Tron foundation name, making it look legitimate. The fake tweet has over 200 likes and retweets


So how did @TronFoundationl get verified? A quick scroll through its Twitter feed suggests that the scammers running @TronFoundationl took over the account from a company called LiteracyBridge, an nonprofit based in Seattle, Washington. According to the cached version of its Twitter page and its current Facebook account, LiteracyBridge is an organization focused on "Improving the health, income & quality of life for the world’s most underserved communities by providing life-changing knowledge through innovative technology."

And here is @TronFoundationl's account. After its three most recent tweets, the account picks up where @LiteracyBridge left off — the old tweets are still up and identical to those on the cached @LiteracyBridge page.

Shortly after BuzzFeed News reported @Tronfoundationl to Twitter, the account was taken down. A version of @LiteracyBridge was reinstated in its place. Literary Bridge could not immediately be reached for comment — a phone line listed on its Facebook page was dead.

And @LiteraryBridge doesn't seem to be the only verified account that's been repurposed for a scam.


It's unclear how the scammers took over the verified accounts, but some signs point to a hack.


Hijacking verified accounts and using them to scam users is, of course, is highly unusual. Normally, Twitter’s standard policy is that when a verified account changes its user name, it is stripped of its verification in order to prevent bad actors from taking over an account and exploiting its verification.

Please note: changing your username will result in losing your badge. Questions? File request at we'll get to it ASAP!

Twitter did not explain why the verified accounts were allowed to stay verified after changing usernames. A spokesperson told BuzzFeed News on Friday that it is investigating the changed usernames and noted, "we strongly encourage everyone to use login verification for account security. Also, if an account changes its username, it should lose its verified status. Any instance of this not occurring is an error."

On Saturday and Sunday, Twitter users continued to spot verified accounts that had been hijacked. Scammers began posing as Binance, a popular cryptocurrency exchange, which has a verified twitter handle, @binance_2017.

Seems to be another compromised + verified account @jack (previous one I reported as fake @binance_2017 account too…

In most cases, the hackers did not change the handles of the accounts, but did alter everything else, including the display name, to imitate Binance's account. The accounts kept their verified check marks. On Monday, the company declined to clarify what "error" allowed verified accounts that changed their handles to keep their check marks.

Also, following the original publication of this article, the owner of the the hacked @adaxnik account, Nik Thakkar, regained access after a week of attempting to convince Twitter that he was indeed the real owner. Thakkar told BuzzFeed News that the account for his London-based fashion brand was verified a few years ago after he worked on a live stream collaboration with the social media company. Following its verification, he sporadically tweeted and did not use two-factor authentication to login. He was unsure how hackers gained access.

Thakkar sent BuzzFeed News direct messages that the hacker had with one of his friends. That friend was using an unverified impostor account pretending to be Sun, @justinsontronnn, and was impressed that the hacker been able to obtain access to a handle with a blue check mark.

In other messages that were exchanged last Tuesday and Wednesday, the scammers talked about their cryptocurrency investment strategies and who they should impersonate next, including the Litecoin Foundation, Litecoin creator Charlie Lee, and the founder of Binance. At one point, the hacker claimed that he made $10,000 in one day.

On Monday, Twitter CEO Jack Dorsey said that "we discovered this and are fixing the process."

In recent months Twitter has made changes to the verification process; in November the company suspended all verification indefinitely after the social network verified Jason Kessler, a white supremacist who organized the Unite the Right rally last August in Charlottesville that resulted in the death of counterprotester Heather Heyer. "We realized some time ago the system is broken and needs to be reconsidered," said CEO Jack Dorsey.

about 72 hours after @RMac18 and I wrote about bitcoin scammers hijacking verified accounts and conning people out…


This post has been updated with a statement from Twitter, additional information about accounts that were hijacked on Saturday and Sunday, and photos from a hacker's direct messages.

Charlie Warzel is a senior writer for BuzzFeed News and is based in New York. Warzel reports on and writes about the intersection of tech and culture.

Contact Charlie Warzel at

Ryan Mac is a senior technology reporter for BuzzFeed News and is based in San Francisco. He reports on the intersection of money, technology and power.

Contact Ryan Mac at

Got a confidential tip? Submit it here.