Scammers are using the Twitter API to monitor every tweet that asks for support with MetaMask, Trust Wallet, and other popular crypto wallets, and are replying to those tweets with scam links in just seconds. The threat actors use the API to monitor public tweets for keywords they supply, such as ‘support,’ ‘help,’ or ‘assistance,’ together with wallet names such as ‘MetaMask,’ ‘Phantom,’ ‘Yoroi,’ and ‘Trust Wallet.’ Whenever keywords from both groups appear in the same tweet, the sender receives an almost instantaneous reply from a scammer account offering to help with the issue. The reply tweets link to a Google form that poses as a legitimate wallet support form and asks the victim to enter the recovery phrase for their wallet. Once the recovery phrase is stolen, the threat actor has access to all the crypto in the wallet.
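For brand-protection or trust-and-safety monitoring, the pattern described above (a support-plus-wallet tweet, a reply within seconds, a Google Forms link) can be turned into a simple detection rule. The following is an added example, not code from the original article; the record field names, the 60-second threshold, and the sample tweets are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Keyword groups named in the article; a tweet is "bait" when one of each co-occurs.
SUPPORT_WORDS = {"support", "help", "assistance"}
WALLET_WORDS = ("metamask", "phantom", "yoroi", "trust wallet", "trustwallet")
MAX_REPLY_DELAY_S = 60  # assumed cut-off for an "almost instantaneous" reply
URL_RE = re.compile(r"https?://\S+")

def is_bait_tweet(text):
    """True if the tweet contains a support keyword and a wallet name."""
    lowered = text.lower()
    words = set(re.findall(r"[a-z]+", lowered))  # whole words, so "helpful" != "help"
    return bool(SUPPORT_WORDS & words) and any(w in lowered for w in WALLET_WORDS)

def has_google_form_link(text):
    """True if any URL in the text points at Google Forms."""
    for url in URL_RE.findall(text):
        parsed = urlparse(url.rstrip(".,)"))
        host = (parsed.hostname or "").lower()
        if host == "forms.gle" or (host == "docs.google.com" and parsed.path.startswith("/forms")):
            return True
    return False

def flag_suspicious_replies(tweets):
    """Return ids of fast replies to bait tweets that carry a Google Forms link."""
    by_id = {t["id"]: t for t in tweets}
    flagged = []
    for t in tweets:
        parent = by_id.get(t.get("in_reply_to"))
        if parent is None or not is_bait_tweet(parent["text"]):
            continue
        delay = (datetime.fromisoformat(t["created_at"])
                 - datetime.fromisoformat(parent["created_at"])).total_seconds()
        if 0 <= delay <= MAX_REPLY_DELAY_S and has_google_form_link(t["text"]):
            flagged.append(t["id"])
    return flagged

# Constructed sample records (hypothetical field names, not real tweets).
SAMPLE = [
    {"id": 1, "in_reply_to": None, "created_at": "2024-01-01T10:00:00", "text": "Need help, my MetaMask won't show my balance"},
    {"id": 2, "in_reply_to": 1, "created_at": "2024-01-01T10:00:07", "text": "Contact support here: https://docs.google.com/forms/d/e/EXAMPLE/viewform"},
    {"id": 3, "in_reply_to": 1, "created_at": "2024-01-01T10:45:00", "text": "Same issue here, restarting the browser fixed it"},
    {"id": 4, "in_reply_to": None, "created_at": "2024-01-01T11:00:00", "text": "Loving my new Phantom wallet"},
    {"id": 5, "in_reply_to": 4, "created_at": "2024-01-01T11:00:05", "text": "Survey: https://forms.gle/EXAMPLE"},
]
```

Only reply 2 is flagged: reply 3 is slow and has no form link, and reply 5 answers a tweet that contains no support keyword.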
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is