False Vitalik Buterin Account Has Over 10,600 Followers & Promotes Scam Sites

A special thanks to community member Frankie G. who pointed the fraudster out.

Jeremy Nation
Published in MetaCert · Sep 7, 2018 · 4 min read

Have you seen one of the latest Vitalik Buterin impersonators? The scammer’s Twitter account has over 10,600 followers and appears to have been very actively engaged in farming followers. It is an example of the growing problem of cryptocurrency scams, which Twitter has yet to deal with effectively.

The scammer’s account handle is @ddbb4a, but they’re using the name “Vitalik Non-giver of Ether.” The false account also features an image of Buterin but lacks any masthead image. Whoever controlled the scammer’s account had also “liked” close to 21,000 posts, mainly those that promise a like or retweet will result in substantial followings. Prior to shifting to cryptocurrency-related tweets, the account seems to have been focused on posting retweets, mainly in Arabic, many of them making cryptic religious references. The Twitter user behind the malicious account also made two lists centered on garnering followers, one specifically aimed at the Arab community.

On September 6, 2018, @ddbb4a began making cryptocurrency related tweets, first to Binance:

Then, piggybacking a tweet from Binance regarding the distribution of GAS, ONG, and VTHO cryptocurrencies for August, @ddbb4a tweets the scam:

The scam leads to the malicious website h[xx]ps://mixgift[dot]top, where users are directed to choose between bitcoin or ethereum. Clicking either logo leads to a page that gives users a bitcoin or ethereum address to send a portion of cryptocurrency to, with the promise of receiving “from .5 to 50 BTC” or “5 to 200 ETH” back, depending on which they choose.

The only accurate bits of information on either of these pages are the addresses provided to which cryptocurrency goes, never to return.
When you click to see why a payment hasn’t arrived, you’re encouraged to send the payment again.

The bitcoin address provided on the scam site has a balance of 0 and no transaction history, although the website it comes from displays a false history of transactions ticking in and out of the address. Likewise, the ETH address attached to the scam site has a balance that doesn’t match up either, in this case 3.6448 ETH. While a similar fake list of transactions to and from the address is featured on the phishing site, the actual transaction history doesn’t match up, and shows that the ETH balance in it comes from five different addresses, one of which is associated with a Bittrex exchange account.
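The mismatch described above can be checked mechanically. The following is an added example, not code from the original article or from MetaCert: it compares the transaction feed a page displays for an address with that address's real history, which is assumed to have been fetched separately from a block explorer. The function name, addresses, hashes and per-transaction amounts are constructed placeholders; only the 3.6448 ETH total, the five funding addresses and the empty bitcoin history mirror the article.

```python
from decimal import Decimal

def audit_feed(address, displayed, ledger):
    """Cross-check a page's displayed feed for `address` against its real ledger."""
    real_hashes = {tx["hash"] for tx in ledger}
    # Entries shown on the page that do not exist on chain at all.
    fabricated = [tx["hash"] for tx in displayed if tx["hash"] not in real_hashes]
    received = sum((Decimal(tx["value"]) for tx in ledger if tx["to"] == address), Decimal(0))
    sent = sum((Decimal(tx["value"]) for tx in ledger if tx["from"] == address), Decimal(0))
    # "Payouts" are transfers *from* the address; a giveaway page advertises
    # them, so compare how many it shows with how many really happened.
    claimed_payouts = sum(1 for tx in displayed if tx["from"] == address)
    real_payouts = sum(1 for tx in ledger if tx["from"] == address)
    return {
        "fabricated": fabricated,
        "balance": received - sent,  # transaction fees ignored in this sketch
        "funders": sorted({tx["from"] for tx in ledger if tx["to"] == address}),
        "claimed_payouts": claimed_payouts,
        "real_payouts": real_payouts,
        "suspicious": bool(fabricated) or claimed_payouts > real_payouts,
    }

# --- Constructed sample data (placeholders, not real chain data) ---
ETH_ADDR = "0xCONSTRUCTED_ETH_ADDRESS"
ETH_LEDGER = [
    {"hash": f"0xreal{i}", "from": f"0xsender{i}", "to": ETH_ADDR, "value": v}
    for i, v in enumerate(["1.0", "0.5", "0.8", "1.2", "0.1448"], start=1)
]
ETH_DISPLAYED = [  # what the page's ticking "history" claims
    {"hash": "0xfake1", "from": "0xvisitorA", "to": ETH_ADDR, "value": "10"},
    {"hash": "0xfake2", "from": ETH_ADDR, "to": "0xvisitorA", "value": "100"},
]
BTC_ADDR = "CONSTRUCTED_BTC_ADDRESS"
BTC_LEDGER = []  # no on-chain history at all
BTC_DISPLAYED = [
    {"hash": "fakebtc1", "from": "visitorB", "to": BTC_ADDR, "value": "1"},
    {"hash": "fakebtc2", "from": BTC_ADDR, "to": "visitorB", "value": "10"},
]

if __name__ == "__main__":
    for name, addr, shown, chain in [("ETH", ETH_ADDR, ETH_DISPLAYED, ETH_LEDGER),
                                     ("BTC", BTC_ADDR, BTC_DISPLAYED, BTC_LEDGER)]:
        print(name, audit_feed(addr, shown, chain))
```

A feed whose entries cannot be found on chain, or that shows payouts the address never made, is the signal the article describes.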

@ddbb4a’s account has also retweeted another scammer pretending to be Vitalik, the impersonator @irikixus. Two of that account’s four tweets ever are advertisements for the malicious website h[xx]ps://geteth[dot]cn, a mirror of the Ethereum side of the scam, with the noteworthy difference that a bonus is advertised in an additional green banner that isn’t present on the other two scam sites. It features the same malicious ETH address as the first scam site.

This version of the scam touts a bonus for contributions over 10 ETH.

Of course, this isn’t anything new, and for the record, the actual Vitalik Buterin (@VitalikButerin) has around 807,000 followers. Vitalik is no stranger to impersonation attacks, to the point that he’s pinned a tweet to his profile that tells people about his official social media accounts:

The impersonation of major figures in cryptocurrency can be a big problem, since unsuspecting users who want to take advantage of giveaways and promotions can often be misled. The Cryptonite add-on for Chrome, Firefox, and Opera directly addresses this issue on Twitter. Cryptonite has been fine-tuned to give users a visual cue for cryptocurrency-related resources with its black shield that turns green. This also applies to known cryptocurrency-related thought leaders and influencers on Twitter, helping you quickly discern the real deal from a scam at a glance. Cryptonite also blocks phishing sites before you land on them.

Download Cryptonite today. It’s the only way that you can participate in the MetaCert Protocol Beta Program, where you’ll get a special opportunity to earn a bonus on tokens.

MetaCert Protocol is the best in the world at one thing — URL Classification.

MetaCert Protocol is decentralizing cybersecurity for the Internet, by defining ownership and URL classification information about domain names, applications, bots, crypto wallet addresses, social media accounts and APIs. The Protocol’s registry can be used by ISPs, routers, Wi-Fi hotspots, crypto wallets and exchanges, mobile devices, browsers and apps, to help address cyber threats such as phishing, malware, brand protection, child safety and news credibility. Think of MetaCert Protocol as the modern version of the outdated browser padlock and whois database combined.
