What do @Eilon_Musk, @ElonMuski, @EloonMusk, @Elonn_Musk, and @Alon_Musk have in common? Two things, actually: One, none of them are the real Twitter account of Tesla CEO Elon Musk. And two, they are all trying to steal bitcoin.
Scammers impersonating tech CEOs, cryptocurrency evangelists, and even President Donald Trump are using a decades-old trick on Twitter and other social networks to dupe people for a quick buck. Much like the bogus and farcical Nigerian princes that once begged for a few hundred dollars in your email inbox, they appeal to basic human instincts — like greed or sympathy — to con people out of small sums of cryptocurrencies like bitcoin and ether. And they’re using marquee online real estate — including the replies section of @realDonaldTrump's Twitter account — and large automated networks of bot accounts to do it.
“I’m donating 250 BITCOIN! to the BTC community!” @ElonMuski tweeted Thursday in a reply to the billionaire’s real Twitter account. “First 250 transactions with 0.2 BTC sent to the address below will receive 1.0 BTC in the address the 0.2 BTC came from!”
These messages, which typically conclude with the numerical and alphabetic address of an online crypto wallet have begun popping up on Twitter in recent weeks. A cursory search of the social network conducted by BuzzFeed News uncovered 27 fake accounts promoting dubious bitcoin or ethereum “investments,” including 10 mimicking Musk and three pretending to be the president. “We're aware of this form of manipulation and are proactively implementing a number of signals to prevent these types of accounts from engaging with others in a deceptive manner,” a Twitter spokesperson said in a statement. The company began suspending accounts after BuzzFeed News inquired about them. Still, new accounts, including three more posing as Trump, popped up Friday morning and are still active.
While it’s hard to believe that anyone actually falls for these scams, cryptocurrency’s complex and unregulated nature makes them easy to perpetrate. And rapidly fluctuating prices mean that getting even just a handful of unsuspecting victims to send a sliver of a digital currency could mean a payday that’s worth a few thousand dollars.
“People actually do fall for this, and sometimes they fall for it twice,” said Marie Vasek, an associate professor at the University of New Mexico who has studied bitcoin scams almost since the digital currency’s inception. Once that virtual coin is sent to a wallet, she added, there’s no way of getting it back or finding the person who took it, which is what makes it so attractive to scammers.
The scam isn't exclusive to Twitter, but its most prevalent there, likely because of the easy anonymity the platform provides. And while Twitter did pledge to crack down on automated accounts following congressional inquiries about Russian bot interference in the 2016 US presidential election, scams like these and others suggest the company hasn’t yet solved the problem. Josh Emerson, an independent researcher who tracks and studies foreign bot accounts, provided BuzzFeed News with data showing a network of over 1,200 bots amplifying fake Elon Musk tweets touting the cryptocurrency scheme. “Obviously the protections in place for automated account creation are not working,” he said.
The new crypto scam works this way: Fake accounts imitating famous figures piggyback off tweets from real accounts. With a similar handle and identical avatar, the scammer’s tweet looks like the second in a legitimate thread, instead of two tweets from separate accounts. The bogus tweet is then amplified by bots that retweet it or reply to it claiming the scheme it touts worked.
Consider @roggerkver. The handle is nearly identical to @rogerkver, the verified Twitter account of early bitcoin enthusiast and investor Roger Ver. Though it lacks the blue verification check mark of the original, it's a reasonable doppelgänger in every other way — same bio, same avatar, same location, same header photo; it even features some tweets from the true Roger Ver account.
On Thursday morning, the fake @roggerkver account replied to the real @rogerkver account touting an offer of easy money: Send .02 bitcoin and the first 250 people will receive .4 bitcoin in return, but you must act in 24 hours!
By Thursday afternoon, the fake Ver tweet had amassed some 210 retweets and 493 likes from an array of accounts with common bot identifiers — low follower counts and Cyrillic display names. It had some dubious replies as well.
“Has received 0.4 BTC. Will there be other similar actions?” tweeted a weeks-old account named @BruininAlex to its 80 followers. Another account, featuring the stolen profile photo of former BuzzFeed employee Adam Ellis claimed to have received ether in return.
Since most cryptocurrency wallets are public, BuzzFeed News was able to view the contents of wallets associated with some of these scams. They all showed multiple deposits over the past week. But like most elements of crypto grift, things get murky quickly. Scouring the wallet deposits, it's impossible to tell if they were made by victims or by the scammers themselves as a way of convincing others to participate.
The botnets used in some of these scams are easier to chart. To demonstrate the size of the botnet, multimedia artist Erin Gallagher, who maps political hashtags and automated accounts, tracked and mapped the network for the copy-and-pasted scam phrases, "Hi guys! I'm donating 250 Ethereum to the ETH community!" and “donating Ethereum.”
The chart, which Gallagher shared with BuzzFeed News, shows the extent of the network; It features some 1,215 different tweets, all playing off the visibility of Musk’s real account.
Vasek attributed the believability of these scams to the fact that cryptocurrencies are still relatively new. When bitcoin first started to gain a following around 2011, some evangelists simply gave the digital currency away to encourage others to use it. There were bitcoin “faucets” that doled out the cryptocurrency as rewards for registering for a service or downloading an app. Some people assume those practices continue today, Vasek told BuzzFeed News.
In some cases, scammers play to a person’s emotions, claiming they've fallen on hard times. That sometimes happens on Telegram, a popular messaging app that has become a hub for the discussion of cryptocurrencies. Bobby Conrad, a 23-year-old college student from New Jersey, fell victim to one such ploy in a private Telegram group run by musician and DJ Justin Blau, a crypto enthusiast who sometimes asks fans to donate to charity in ether. In that group, someone pretending to be Blau solicited donations to a random wallet address, to which Conrad sent through .2 ether (about $172) with little hesitation.
“[It was] basically just an idiot move,” Conrad said, noting that he didn’t realize the fake Blau lacked the admin stamp next to his name. “I know [Blau] does donations with all his money and didn’t consider it being too good to be true.”
Some Telegram groups, like one for the crypto exchange Binance, now regularly post disclaimers cautioning against sending money to anyone who promises customer support in exchange for a small payment. On Twitter, however, there has been little messaging from the company, with Vasek noting that the platform's design — which tolerates fake accounts and anonymous users — as well as the lack of moderation, have allowed the scams to spread further than ever. “Users have to do the legwork instead of the platform, but it should be the other way around,” Vasek said.
Matt Stancliff, a freelance developer who’s been pointing out crypto scams popping up on Twitter, argued that policing high-profile accounts and their imposters should be a top priority for Twitter and that a “high school intern could fix that in one day.”
“Just test all account names to see if they are similar to existing high-profile accounts,” he said. “...There's no excuse to have fraud Elon Musk accounts with off-by-one character usernames and the same profile pictures blatantly pushing scams.”
Twitter, however, has been slow to act. On Sunday, John McAfee, founder of the software security firm McAfee and a cryptocurrency evangelist, pointed out that there were now regular instances of his account being impersonated on the platform. “Naive followers are getting scammed by imposters and the hundreds of other devious scam masters that are proliferating,” he tweeted from his verified account, @officialmcafee.
On Thursday, another account purporting to be McAfee, this one at the handle @officialmmcaffe, had a different message: “send 0.2 Eth and u receive 2.0 Eth.” ●
The Twitter handle for Roger Ver, @rogerkver, was misspelled in an earlier version of this post.
Ryan Mac is a senior technology reporter for BuzzFeed News and is based in San Francisco. He reports on the intersection of money, technology and power.
Contact Ryan Mac at email@example.com.
Charlie Warzel is a senior writer for BuzzFeed News and is based in New York. Warzel reports on and writes about the intersection of tech and culture.
Contact Charlie Warzel at firstname.lastname@example.org.
Got a confidential tip? Submit it here.