Scammers use gold-labeled Twitter accounts to scam people.

Scammers use gold-labeled Twitter accounts to scam people.

Scammers use gold-labeled Twitter accounts to scam people.

Scam Sniffer, a blockchain security tool that alerts the crypto community to phishing schemes spread by accounts with gold labels, warned about the upcoming Wormhole airdrop.

SlowMist wrote on X that “every airdrop is a scammer carnival” yesterday. “You wouldn’t think the accounts with gold labels are fake Wormholes.”

Sadly, the Wormhole gold-labeled accounts are now posting posts that pretend to help users with the airdrop. The posts are actually malicious links that cause the user to lose funds. Wormhole’s official account has only a blue tag.

You can also read: Bypassing security by exploiting EIP-712 normalization, wallet drainers are able to bypass the system.

Pnuts shared the following with the X Community: “I lost 90% of my on-chain portfolio that I built over the past 3 years.” Pnuts is one of those who fell victim to the fake Wormhole phishing scheme. Pnuts shared that he clicked on a fake link, which appeared to be from an official account. It was a bad one.


They claimed that they were aware of how to avoid signing any suspicious transaction and did not check the malicious links. Pnuts also said that the victim clicked the malicious link accidentally. This led to losses of money.

Pnuts also found messages sent by the X-account Vienn_ETH who was already aware of this exploit. They offered their assistance. This mysterious assistant, whose X account did not exist at the time this article was published, began a video chat with the victim, showing him the Etherscan revoking procedure and asking for screenshots of the process executed on his computer.

Pnuts said that the actor had also been able to take funds from his victim’s SOL account.

S3condson, a X user reported a similar experience of losing their LUNA funds after signing a permission provided by the fake Wormhole Account. S3condson, too, was scammed by scammers who claimed they were trying to recover lost funds.

In the crypto community, the issue of scammers posing as legitimate Web3 project and using X-icons that were supposed to prove the reliability of an account has been brought up numerous times. SlowMist, a cybersecurity team in January of this year, published a report on these exploits.

The on-chain specialists discovered that phishing accounts occupied 80% of the comments made on famous tweets.

SlowMist reported that Twitter accounts can be purchased easily through Telegram groups, specialized sites, and websites which offer Twitter accounts of various years.

Scammers purchase an account that is already set up to suit the needs of the phishing scam. They then invest in tools for promoting the account, such as paid interactions and followers.

SlowMist says that these tools also support cryptocurrency payments and offer services such as likes, share, and follower boosters for international social platforms. One of the services has already processed over 1.3 millions orders from around 20,000 clients.

Scammers create Twitter accounts to mimic the project that they’re interested in. Automated bots are a crucial component of the phishing campaigns. They follow the activity of the emulated project and comment as soon as the posts appear. This will ensure that the fake account is visible to X users.

SlowMist suggests that cryptocurrency users increase their personal security awareness to avoid exploits like those mentioned above. It also stresses the fact that security tools are helpful but not enough to prevent theft.

Any suspicious behavior can raise a flag when dealing with Twitter crypto accounts. In the recent case of fake Wormhole exploits it is clear that the account used by the original Wormhole uses the X-name “Wormholecrypto”. ScamSniffer has identified two accounts that are fake. They were named “Sndrises”, and “Yellowspeed_hq”.

Web3 Security: Blockchain Security Industry Specialists Needed

This rule is not applicable to all cases and scammers may be more adept at imitating legitimate X account names. However, it should still be checked.

These tools provide an extra layer of security, even though it’s not recommended to solely rely on them. You should always conduct your own assessments whenever you visit a Web3 project. SlowMist stresses the importance of real time alerts on phishing sites, as they can warn users when they open phishing pages, thereby “eliminating deceptive signature requests” and preventing the threat at the beginning.

Cryptocurrency wallets can detect malicious signatures, display transaction information including recipients and amounts as well as authorization details.

What do you think?


Leave a Reply

Your email address will not be published. Required fields are marked *


Newborn Binance tokens | Buy/Sell New Crypto's Listed on 2024-03-080

Newborn Binance tokens | Buy/Sell New Crypto’s Listed on 2024-03-08

Stablecoin Studio on Sui, S3, to Give Sui Developers Compliant Payment Processing Stablecoin Applications - CoinJournal

Stablecoin Studio on Sui, S3, to Give Sui Developers Compliant Payment Processing Stablecoin Applications – CoinJournal