There’s currently a surge in cryptocurrency and phishing scams proliferating on X (formerly Twitter)—hiding under the guise of gold and gray checkmarks intended to mark “Verified Organizations,” reports have warned this week.
These scams seem to mostly commandeer dormant X accounts purchased online through dark web marketplaces, according to a whitepaper released by the digital threat monitoring platform CloudSEK. But the scams have also targeted high-profile X users who claim that they had enhanced security measures in place to protect against these hacks.
This suggests that X scammers are growing more sophisticated at a time when X has launched an effort to sell even more gold checks at lower prices through a basic tier announced this week.
Most recently, the cyber threat intelligence company Mandiant—which is a subsidiary of Google—confirmed its X account was hijacked despite enabling two-factor authentication. According to Bleeping Computer, the hackers used Mandiant’s account to “distribute a fake airdrop that emptied cryptocurrency wallets.”
A Google spokesperson declined to comment on how many users may have been scammed, but Mandiant is investigating and promised to share results when its probe concludes.
In September, a similar fate befell Ethereum co-founder Vitalik Buterin, who had his account hijacked by hackers. The bad actors posted a fake offer for free non-fungible tokens (NFTs) with a link to a fake website designed to empty cryptocurrency wallets. The post was only up for about 20 minutes but drained $691,000 in digital assets from Buterin’s unsuspecting followers, according to CloudSEK’s research.
Another group monitoring cryptocurrency and phishing scams linked to X accounts is MalwareHunterTeam (MHT), Bleeping Computer reported. This week, MHT has flagged additional scams targeting politicians’ accounts, including a Canadian senator, Amina Gerba, and a Brazilian politician, Ubiratan Sanderson.
On X, gold ticks are supposed to reassure users that an account can be trusted by designating that an account is affiliated with an official organization or company. Gray ticks signify an account is linked to government organizations. CloudSEK estimated that hijacked gold and gray checks could be sold online for between $1,200 to $2,000, depending on how old the account is or how many followers it has. Bad actors can also buy accounts affiliated with gold accounts for $500 each.
A CloudSEK spokesperson told Ars that its team is “in the process of reporting the matter” to X.
X did not immediately respond to Ars’ request to comment.
CloudSEK predicted that scams involving gold checks would continue to be a problem so long as selling gold and gray checks remains profitable.
“It is evident that threat actors would not budge from such profit-making businesses anytime soon,” CloudSEK’s whitepaper said.
For organizations seeking to avoid being targeted by hackers on X, CloudSEK recommends strengthening brand monitoring on the platform, enhancing security settings, and closing out any dormant accounts. It’s also wise for organizations to cease storing passwords in a browser, and instead use a password manager that’s less vulnerable to malware attacks, CloudSEK said. Organizations on X may also want to monitor activity on any apps that become connected to X, Bleeping Computer advised.
