
Malicious Bitcoin Vanity Addresses Used to Scam Users Out of Two Million USD

Bitcoin giveaway scams are not new, but they have evolved with a trick that gives the scam more credibility: vanity Bitcoin addresses (addresses that incorporate a custom word into the address itself), used to convince the victim that the address is legitimate. The cybersecurity firm Adaptiv has tracked the use of over 66 Bitcoin addresses that contain “Elon Musk” (or a variation thereof) created since late April 2020. This particular campaign has been very effective recently: an overview of the 66 Elon Musk vanity addresses shows that since April 2020, 214 Bitcoin, worth approximately two million US dollars, has passed through these accounts.

The method this actor uses to distribute the vanity Bitcoin addresses is also unusual. Hackers compromise high-follower-count YouTube accounts and change the name and graphics to mimic a celebrity or trusted brand. Next, they launch a live stream and broadcast the scam. Showing a vanity Bitcoin address in the stream helps the scam look credible and convincing.

Analyst Notes

While YouTube is the most common place for these scams to take place, they have also been found on Twitter, TikTok, Instagram, and other social media platforms. The most common way that attackers compromise accounts is by stealing the password through fake login pages or information-stealing malware such as AZORult, Predator the Thief, and others. Attackers also use third-party data breaches to try passwords stolen from one site on many other sites, counting on the fact that many people reuse the same password everywhere. It is important to enable Multi-Factor Authentication (MFA) and use unique passwords for every account. Many of these Bitcoin scams offer to “send back double the Bitcoin sent to the address.” However, users should be aware that if a monetary campaign sounds too good to be true, it’s very likely to be a scam. Binary Defense predicts that it’s likely we’ll see more of these vanity address scams as criminals realize how profitable they are.
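A detection-side sketch for the vanity addresses described above, added here as an example and not taken from the original article or from Adaptiv's tooling: it extracts legacy Base58 Bitcoin addresses from stream titles or chat text and flags those that spell a watched name. Because the Base58 alphabet has no `0`, `O`, `I` or `l`, a name has to be written with substitutes such as `ELon` or `E1on`, so the matcher folds case and digit look-alikes before comparing. The watchlist, the look-alike mapping and the sample text are assumptions made for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy address shape only (leading 1 or 3); bech32 addresses are out of scope here.
ADDR_RE = re.compile(r"\b[13][%s]{25,34}\b" % B58)
# Digits commonly used as stand-ins for letters (assumed mapping).
LOOKALIKE = str.maketrans({"1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})
WATCHLIST = ("elon", "musk")  # assumed watchlist for this campaign


def base58check_ok(addr):
    """True if addr decodes to 25 bytes whose last 4 are a valid checksum."""
    try:
        n = 0
        for ch in addr:
            n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
        raw = n.to_bytes(25, "big")     # OverflowError if the value is too large
    except (ValueError, OverflowError):
        return False
    # Each leading '1' encodes exactly one leading zero byte.
    if len(addr) - len(addr.lstrip("1")) != len(raw) - len(raw.lstrip(b"\0")):
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]


def flag_vanity(text, watchlist=WATCHLIST):
    """Return (address, matched_words, checksum_ok) for each address spelling a watched name."""
    hits = []
    for addr in ADDR_RE.findall(text):
        folded = addr.lower().translate(LOOKALIKE)
        words = [w for w in watchlist if w in folded]
        if words:
            hits.append((addr, words, base58check_ok(addr)))
    return hits


# Constructed sample text. The two "Musk" strings are address-shaped placeholders,
# not real addresses; the third is the well-known Bitcoin genesis-block address.
SAMPLE = (
    "LIVE 5000 BTC giveaway, send to 1ELonMuskx9fQ2hZ7rTbNcW4dVgYpKaJ6e and get double back. "
    "Backup wallet: 1E1onMuskR8sT5uVwXyZaBcDeFgHiJkLmN. "
    "Unrelated: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
)

if __name__ == "__main__":
    for hit in flag_vanity(SAMPLE):
        print(hit)
```

The `checksum_ok` field lets an analyst separate strings that can actually receive funds from address-shaped noise before escalating a hit.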