An Elon Musk bitcoin scam has been discovered on Twitter. Attackers are compromising verified Twitter accounts, changing the profile name, and then tweeting that Elon is creating the biggest cryptocurrency giveaway of 10,000 bitcoins. The scam is also being promoted via Twitter advertising so that it gets more attention and seems legitimate. If the user clicks the link in the tweet, they are taken to one of three websites: musk.fund, musk.plus, and spacex.plus. The page states, “To verify your address, send from 0.1 to 3 BTC to the address below and get from 1 to 30 BTC back!”

To make the scam more convincing, the attackers are even compromising official government Twitter accounts. The Ministry of Transportation of Colombia and the National Disaster Management Authority of India (NDMA) both fell victim to the attackers and were seen promoting the scam. Two tweets from the compromised NDMA account include “Elon, you are the best person I have ever seen in my life!” and “I sent 0.30 BTC and got 6 BTC back!” At the time of writing, the attackers had received 392 transactions, totaling roughly $180,000 USD.