Twitter Bots Are Monitoring Cryptocurrency Tweets To Steal Crypto Wallets—This Is How They Do It

Scammers are abusing Twitter APIs, monitoring tweets containing specific keywords to steal cryptocurrency wallets.

Twitter bots are at it again, with scammers working behind each account. This time, they target tweets requesting support for popular crypto wallets like TrustWallet and MetaMask.

In just seconds, these scamming bots will respond to tweets with keywords consisting of 'MetaMask' or 'Trust Wallet'.

Scammers target specific keywords through Twitter APIs, a feature from Twitter allowing them to monitor every public tweet.

Once these phrases are included in a tweet, Twitter bots will automatically reply to these tweets dressed as 'fake support agents' with links that will steal your cryptocurrency wallet.

These phishing attacks are no longer new tactics. However, scammers are now targeting other cryptocurrencies. Because of that, scam cases remain rampant.

How The Twitter Crypto Scam Works

To see how the new Twitter crypto scam works, BleepingComputer conducted a test.

If you tweet words like 'support' or 'help' with keywords like 'Trust Wallet', 'MetaMask' or 'Yoroi', your replies will instantly get bombarded with replies from Twitter bots. These bots will reply to fake support forms to collect your most sensitive data.

Take note that other keywords are being monitored, too, such as specific names of crypto wallets alongside the word 'stolen'.

Now back to the test conducted, within seconds of posting tweets with specific keywords, accounts in the disguise of Trust Wallet and MetaMask support accounts will reply.

Others also pretend to be helpful users concerned with your current situation, as well as pretending to be previous victims.

The replies do not have a copy-pasted tweet, and it doesn't appear generated too. But, their tweets will share one common purpose, which is to lure you into submitting a form consisting of your information plus your wallet's recovery phrases.

But how do they do it?

In stealing the recovery phrases, the scammers will send you support forms on Google documents and other platforms.

These support forms perfectly impersonate the most basic setups of helpful supports. First, they will ask for your email address, current problem, and wallet's recovery phrase.

Now, to further convince you to put your sensitive information, they will mention their 'encrypted cloud bot' that will allegedly help secure the details you've been submitting in the form.

But of course, all of those are just a ruse. Once they get a hold of your recovery phrase, they will now have access to your crypto wallet, and they will transfer the contents to wallets they own.

At first, it seems unbelievable that someone will fall for these obvious phishing scams. But that is not the case. Some Twitter users reported having their wallets, crypto, and even NFTs were stolen.

There were also reports from Trust Wallet users saying their digital wallets were hacked and funds were already transferred to another wallet.

From that, it should be a lesson learned to everyone not to share recovery phrases with anyone at all.

This article is owned by Tech Times

Written by Thea Felicity

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics