Back in 2017, the price of a single Bitcoin eclipsed the price of an ounce of gold for the first time ever. This news, coupled with the exploding adoption of its underlying technology – blockchain – beyond the financial world, attracted a new flock of clientele, investors and entrepreneurs to the fledgling cryptocurrency. However, Bitcoin’s rapid rise has also caught the eyes of people looking to profit through illegitimate means, leading to a new category of Bitcoin scams.
One type of financial scam involving Bitcoin has actively spread across social networks. We have previously uncovered fraudulent social network campaigns targeting users like bank customers, holiday shoppers and mobile gamers. Whether it’s these victims or Bitcoin owners, if there’s one thing we’ve learned about social network scammers, it’s that they succeed by leeching onto the money-driven hype associated with the latest and greatest hallmarks of popular culture.
Bitcoins are verified through encrypted transactions, which are eternally recorded on a ledger that’s accessible to anybody. This ostensibly helps wallet-holders hamper the type of fraud, theft and sensitive data compromise that’s marred other modern payment vehicles like credit cards and online money transfer services. But for all its afforded security benefits, this digital gold has introduced a brand new kind of digital criminal ecosystem.
What makes Bitcoin owners such lucrative targets on social media? Ironically, exactly the same thing that makes Bitcoin more secure – its decentralized, anonymous and irreversible nature.
- Decentralized: Unlike other currencies, Bitcoin isn’t controlled by any financial institution or government. When fraud is committed in Bitcoin’s name, its lack of a central authority is exactly what makes it impossible to recover any losses. Once a victim is duped, the buck stops there: no bank or credit card issuer can bail them out in this regulatory vacuum.
- Anonymous: Anyone can open up a wallet to begin earning and spending Bitcoins without providing personally identifying information. It’s not surprising then that Bitcoin is the preferred form of payment for digital drug dealers and online sellers of other illegal merchandise, operating within the ugly underbelly of the internet referred to as the “dark web.” Social network profiles also conceal the real-world identities of their users, providing an extra layer of pseudonymity that makes real-world attribution infeasible.
- Irreversible: Bitcoin transactions can neither be changed nor removed. This is a feature, not a bug. No one can alter records after the fact, creating an incorruptible and permanent ledger dating all the way back to the first ever transaction. There’s no way to recover losses once Bitcoins are spent, creating an easy way to engage in money-flipping scams like “Send me Bitcoins, and I’ll pay you back double!” Hence Bitcoin is a well-known instrument for conducting ransomware attacks, which have exploded in recent years, inflicting hundreds of millions of dollars in damages upon hundreds of different companies and countless individuals.
For these reasons among others, Bitcoin has blossomed into the modern scammer’s preferred method of payment. Social media provides access to a key demographic of digitally connected people who are most interested in getting into the Bitcoin game, but who also lack the specialized expertise necessary to tell a legitimate offer from an illegitimate one. Below, we dissect some representative examples of Bitcoin-related social media scams detected by the ZeroFOX Platform, and conclude with high-level statistics highlighting their impact and pervasiveness.
Four Categories of Bitcoin Scams
There are four main categories of Bitcoin scams, each leveraging a different payload to attack victims and extort Bitcoin.
- Fake Bitcoin wallets hiding malware downloads: Attracting users to click through URLs posted to social media is a technique that ZeroFOX has observed in a variety of attacks. This one uses the promise of Bitcoin to lure the user into following a URL that subsequently attempts to download a malware-laden app (Figure 1). We also discovered that fake Bitcoin surveys are often used to distribute malware, and we advise caution when encountering any social media URL that is either shortened or not secured with an HTTPS connection.
Figure 1: A) Twitter users propagate the malicious URL as a way to earn Bitcoin profit. According to VirusTotal vendors, the website is laced with malicious files including B) a credential-stealing Bitcoin miner and C) an executable resembling a Gadoux botnet installer that attempts to connect to a live C&C server.
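The caution above (treat shortened or non-HTTPS links in social posts as suspect) can be applied mechanically when triaging posts. The following is an added example, not ZeroFOX code; the shortener host list and the sample posts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a small illustrative set of shortener hosts; extend for real use.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly", "is.gd"}

# Only links with an explicit scheme are matched; bare "host/path" text is ignored.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(post_text):
    """Return URLs found in a post, with trailing punctuation stripped."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(post_text)]


def triage_url(url):
    """Return the caution flags from the article that apply to one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("not-https")   # link is not secured with HTTPS
    if host in SHORTENER_HOSTS:
        flags.append("shortened")   # real destination is hidden
    return flags


def triage_post(post_text):
    """Map each flagged URL in a post to its flags; clean URLs are omitted."""
    results = {}
    for url in extract_urls(post_text):
        flags = triage_url(url)
        if flags:
            results[url] = flags
    return results


# Constructed sample posts (not taken from the article's figures).
SAMPLE_POSTS = [
    "Earn free #Bitcoin today, install the wallet: http://wallet.example.net/get.",
    "Double your BTC overnight! https://bit.ly/EXAMPLE1",
    "Our Q3 report is live at https://www.example.com/report",
]

if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(post, "->", triage_post(post))
```

A flag here is a reason to expand and inspect the link before anyone follows it, not a verdict: HTTPS on its own says nothing about whether the destination is legitimate.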
- Bitcoin phishing impersonators: Impersonators run rampant on social media, and impersonating the Bitcoin brand itself is a tactic that can be used to gain credibility and a victim’s trust. This phishing website allegedly offers a search service, enticing users to enter their private Bitcoin key to see if it exists in their database (Figure 2). Once entered, the private key will simply be phished, allowing the scammer to spend directly from the curious Bitcoin owner’s wallet.
Figure 2: A) An impersonator uses the recognizable Bitcoin logo as their Twitter avatar, and posts with click-baity rumors and hashtags to spread phishing URLs to their followers and beyond. B) The URL destination is a phishing webpage that harvests Bitcoin private keys.
- Bitcoin-flipping scams: These scams could be an offer to instantly exchange Bitcoins for money after paying an initial startup fee or a promise to double your initial investment overnight (Figure 3). The other end of the bargain is never upheld, and Bitcoins are stolen immediately. We’ve previously reported on money-flipping scams targeting bank customers, which similarly exploit this low-risk tactic that bears fruit for scammers when distributed in high volumes. Scammers succeed because they’re able to broadcast their scam to thousands of unsuspecting targets through social media.
Figure 3: A) A scammer advertises their fraudulent Bitcoin-flipping website on Instagram. B) The advertised URL fools incoming victims with false guarantees.
- Bitcoin pyramid schemes: These scams are harder to recognize than the more egregious Bitcoin-flipping examples described above, but the end result is the same; the scammer eventually makes off with the victim’s stolen Bitcoins. This tried and tested idea relies upon high yield investment programs and multi-level marketing. In these ethically grey schemes, a low initial investment can be multiplied by signing up additional members using referral links. New members are then encouraged to do the same, rinse and repeat. Before long, hundreds of victims have joined the scheme. At a later point in time, the original scammer walks away and the pyramid collapses. The example in Figure 4 involves fake donations; the irony here is that not only the scammer but also their subsequent victims use social media to spread word of the scheme. Despite all promises, there’s no ROI to be had here.