Bitcoins

A widespread scam pretending to be from Elon Musk and utilizing a stream of hacked Twitter accounts and fake giveaway sites has earned scammers over 28 bitcoins or approximately $180,000 in a single day.

This scam is being pulled off by attackers hacking into verified Twitter accounts and then changing the profile name to "Elon Musk". They then tweet out that he, being Elon, is creating the biggest crypto-giveaway of 10,000 bitcoins.

"I'm giving 10 000 Bitcoin (BTC) to all community!

I left the post of director of Tesla, thank you all for your support!

I decided to make the biggest crypto-giveaway in the world, for all my readers who use Bitcoin."

Even worse, these posts are being promoted through Twitter advertising in order to give them wider visibility and to add legitimacy.

Compromised Twitter Account pushing the Scam
Compromised Twitter Account pushing the Scam (Source: 

The sites that these fake profiles are promoting include musk[.]plus, musk[.]fund, and spacex[.]plus, which state that all a user has to do is send .1 or 3 BTC to the listen address in order to get 1-30 times in bitcoins back.

"To verify your address, send from 0.1 to 3 BTC to the address below and get from 1 to 30 BTC back!

BONUS: Addresses with 0.30 BTC or more sent, gets additional +200% back!

Payment Address
You can send BTC to the following address.

1KAGE12gtYVfizicQSDQmnPHYfA29bu8Da

Waiting for your payment...

As soon as we receive your transaction, the outgoing transaction will be processed to your address."

Scam Site
Fake Giveaway Site

The sickening part is that in a single day, these scammers have received 392 transactions to the bitcoin address 1KAGE12gtYVfizicQSDQmnPHYfA29bu8Da for a total of 28 bitcoins or approximately $180,000 USD.

Bitcoin Transactions
Bitcoin Transactions

To help perpetuate the scam, the attackers hacked into official government Twitter accounts such as the Ministry of Transportation of Colombia and the National Disaster Management Authority of India. These accounts were then used to promote the scam by stating that they sent bitcoins and received more coins back.

National Disaster Management Authority of India Twitter Account
National Disaster Management Authority of India Twitter Account
Ministry of Transportation of Colombia
Ministry of Transportation of Colombia Twitter Account

When BleepingComputer contacted Twitter regarding this scam, we were given this statement by a Twitter spokesperson:

"We don’t comment on individual accounts for privacy and security reasons. Impersonating another individual to deceive users is a clear violation of the Twitter Rules. Twitter has also substantially improved how we tackle cryptocurrency scams on the platform. In recent weeks, user impressions have fallen by a multiple of 10 in recent weeks as we continue to invest in more proactive tools to detect spammy and malicious activity. This is a significant improvement on previous action rates."

Related Articles:

The Few Privileged North Koreans Are Savvy Scammers

Fraudster Targets Cryptocurrency Wallets with a Variety of Info Stealers

Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads

Sites Trick Users Into Subscribing to Browser Notification Spam

Make-A-Wish Website Compromised for Cryptojacking Operation