Ethereum Users Target of Phishing on Twitter

I’m hoping to write something here to help Twıtter take notice. This isn’t just a couple isolated accounts impersonating a couple random people, there is a targeted phishing campaign taking place targeting members of the Ethereum community, and should receive a little extra care in shutting down well.

The con looks like this:

A prominent member of the Ethereum/Bitcoin/Cryptocurrency space contacts you.

They say they’re probing for information on the community, and will offer you half-priced Ether (a crypto-currency) in exchange for your thoughts.

They first send you a link to a SurveyMonkey survey with some very boring and mundane questions.

Once returned, they give you a second link, to a second survey, which includes an address to send BTC to in order to get payment.

In this real example website, we can see this address, which has held over a hundred BTC over its lifetime, possibly from phishing attacks. I’d be surprised if it were the only BTC address they were phishing with.

Identity Swapping

These Phishers have used a variety of accounts, usually close variants of real accounts, that are difficult to distinguish from their originals:

  • @etheruemJoseph impersonating @ethereumJoseph
  • @myetherwaIIet impersonating @myetherwallet
  • @ethereumprojct impersonating @ethereumproject

The typical recourse for a Twitter user made aware of this is to report for abuse, but apparently reporting for abuse gives the attacker the opportunity to change their name.

In the attempt on one of my accounts, “@etheruemJoseph” suddenly became renamed “@GeminDotCom”, apparently an impostor of @GeminiDotCom.

This means Twitter’s own regular process for shutting down these phishers is failing, and that’s why I’m writing this.

Not only should these accounts be actually banned, if I were at Twitter, I could consider searching DMs for the phisher’s text, since it’s probably duplicated across accounts, and try to identify culprits before they have much more success.

For that purpose, here is a full phishing attempt exchange:

If you have any other info or leads, feel free to add it here, maybe this will be a useful place to gather details.