Twitter users are being conned out of tens of thousands of pounds a day by accounts impersonating celebrities, Sky News can reveal.
Working with blockchain intelligence firm Chainalysis, Sky News has discovered that multiple independent copycats are behind the scams, rather than a single conspiracy with a dedicated methodology.
The fake accounts have struck hundreds of times over the last two months, with the most successful taking away as much as £50,000 a day before using a range of exchanges to convert the proceeds into cash.
:: Twitter to prohibit range of cryptocurrency ads
The scam takes place after a high-profile Twitter account posts, then an impersonating account with the same image and display name responds in the thread offering to give away cryptocurrency.
Claiming that they want to support the cryptocurrency community, the scammers in the guise of the celebrities ask users to send a token sum to an address they provide in order to receive a larger amount back.
These posts can appear legitimate on first sight. Elon Musk, the billionaire founder of SpaceX, and Vitalik Buterin, the principal inventor of cryptocurrency ethereum, have been among the most commonly impersonated accounts.
Mr Buterin has since had to change his display name to note that he is not giving away any of the ethereum cryptocurrency.
In the largest scams, Sky News has observed hundreds of fake and automated accounts retweeting and liking the scam post, some responding with claims that they received money back; all providing the scammer with legitimacy and encouraging other users to take part.
Despite the apparent simplicity of the scam, Sky News has established that some individuals have fallen for it. Our analysis of the ethereum blockchain – which transparently tracks and stores all transactions made with the cryptocurrency – showed thousands of pounds being sent to the addresses posted in these scams.
While it was immediately clear that none of the users' addresses which sent money to the scammers had received any back, it wasn't obvious whether these were genuine transactions or whether the scammers manufactured fake transactions – similar to the interactions from the bot accounts – which were designed to encourage others to take part.
Sky News and Chainalysis – which works with Europol to help police track down the supposedly anonymous users of cryptocurrencies such as bitcoin and ethereum – searched through the histories of those addresses to see if they had received seed funds from a similar address, or if they were indeed legitimate victim transactions.
Seems this scam is happening commonly involving a lot of high-profile Twitter users. Not possible to see if the payments are genuine as nobody seems to be responding complaining about their funds being stolen. pic.twitter.com/EvRxmkYcgy
— Alexander J. Martin (@AJMartinSky) February 17, 2018
Our investigation found that some of these scams did indeed feature seed transfers, but these curiously were only utilised by the least successful of the scams. For the most successful – which received thousands of pounds from their victims – not a single transaction could be confidently flagged as a seed transfer.
Many were actually sent directly from the cryptocurrency exchanges where they appeared to have been bought and stored, suggesting that the individuals falling for the scam were novice users.
Graphs produced by Chainalysis show how the funds belonging to victims' accounts were independently sourced, displaying separate clusters of transactions rather than anything which the scammer had seeded.
Alvaro Sevilla of Chainalysis told Sky News this was not easy to establish, as following the transaction histories of a victim addresses requires an exponentially increasing search.
However, our investigation assessed that it was unlikely the scammers had used a sophisticated scheme of cryptocurrency laundering to conceal a single source and convince others to take part in the scam, as any potential victim who was sceptical enough to undertake an in-depth search of those transactions would also have noticed that the tweets did not originate from legitimate accounts.
What was more intriguing however was the way the cryptocurrency was handled by the scammers when they attempted to withdraw the funds.
Chainalysis detected significantly different methodologies in terms of how the scammers attempted to launder their cryptocurrency, and to which exchanges their funds were sent in exchange for cash – suggesting that the campaigns were being run by copycats rather than a single conspiracy with an established method of operating.
Mr Sevilla, a senior developer at Chainalysis, said: "The differences in the way these funds are being handled, such as different withdrawal patterns and the use of different exchanges, is indicative of different copycats attempting to do the same scam.
"The simplicity of the attack, which requires little technical knowledge and preparation, also leads us to believe it's a trend more than an organised attack."
Although impersonating another account on Twitter in a misleading or deceptive manner is a violation of its rules and may lead to a permanent suspension, the cryptocurrency scams have continued largely because these rules have not been quickly enforced.
Accounts using the celebrity status of individuals from billionaire Musk through to Mr Buterin – ethereum's principle inventor – have continued to operate on the platform, despite conning Twitter users out of their money.
One fake Elon Musk account reported by Sky News remained active on the site for almost a fortnight, despite Twitter acknowledging our report of the scam.
A spokesperson for Twitter told Sky News: "We are aware of coordinated spam activity around cryptocurrencies and related software products. The malicious use of automation, impersonation, and other deliberate attempts to deceive are prohibited under the Twitter Rules.
"Our teams are overseeing a technological process of batch suspending these networks of offending accounts at scale and at speed. If anyone sees suspicious account behaviour relating to these issues, they should block the user immediately and report them directly to our dedicated support teams."
Related stories
Earlier this month, Mark Carney, the governor of the Bank of England, warned that cryptocurrencies faced a regulatory crackdown, stating that the time had come to "regulate elements of the crypto-asset ecosystem to combat illicit activities."
Following changes by Facebook and Google, Twitter is also understood to be considering a policy change towards cryptocurrency advertising in the near future.
[contf] [contfnew] 
Sky News
[contfnewc] [contfnewc]
