Malicious Activities Surge on X: Protecting Yourself in a Challenging Web3 Landscape

Sentinel Protocol Team
Sentinel Protocol
Apr 2, 2024

It’s no secret that scams and malicious actors run rampant in the crypto sphere, particularly during bullish market phases. Regrettably, the frequency of scams and malicious activities on X, one of the most widely used social platforms in the blockchain and cryptocurrency industry, has escalated in recent months. In this article, we’ll explore three common examples of threats lurking in the Web3 space on the X platform and provide insights on how users can proactively safeguard themselves against falling prey to these deceitful schemes.

1. Malicious Actors Pretending to Be Crypto Journalists/Reporters and Sending Calendly Phishing Link Invites

This tactic has witnessed a significant increase in usage over recent months. Malicious actors exploit the direct messaging feature on X, assuming the identity of journalists affiliated with reputable organizations to target various high-profile individuals or projects under the guise of arranging interviews. What enhances the credibility of these messages is the seemingly authentic appearance of the accounts — they often display the blue verification checkmark and maintain an active feed with recent pertinent activity. Moreover, they furnish what appears to be legitimate email addresses, complete with the corresponding domain.

The screenshot below exemplifies an instance where an individual impersonated a Cointelegraph journalist, representing just one among numerous occurrences circulating on the X platform. One notable red flag is the urgency conveyed in their inquiry. Typically, scammers employ time-sensitive tactics to coerce potential victims into overlooking suspicious indicators.

Image 1 — Fraudulent message using the X platform “Direct Message” function

In these instances, malicious actors aim to gain unauthorized access to targeted X accounts for nefarious purposes. Their strategy involves sharing seemingly legitimate Calendly links, which, when clicked, prompt users to grant the app permissions to perform actions on their behalf. Once authorized, the attackers can exploit the compromised X accounts to disseminate phishing links or promote fraudulent activities, such as fake airdrops or crowdfundings. This deceptive tactic is designed to mislead the followers of the targeted account, potentially resulting in the loss of their digital assets.

To protect yourself from such threats, it’s essential to exercise caution and verify the authenticity of accounts that reach out through the DM function on X before interacting with them. Directly contacting the organization they claim to represent can help confirm their legitimacy. Additionally, avoid clicking on any links and carefully review any displayed terms and conditions before proceeding. Whenever feasible, generate your own Calendly links for meeting bookings rather than relying on links provided by others.

To monitor third-party app access to your X account, navigate to “Settings and privacy” > “Security and account access” > “Connected accounts.” Here, you can review the list of connected apps and revoke access for any that appear suspicious or unauthorized. Taking this proactive approach helps mitigate the risk of unauthorized account access and potential security breaches.

2. Targeting Potential Victims Through X Ads

Another tactic observed on the X platform involves Ad campaigns created to deceive users. While these ads typically undergo review by the X team to ensure compliance, there has been a noticeable increase in fraudulent ads slipping through the cracks. One notable instance occurred within the Dymension community, a recently launched project that garnered significant attention in the crypto community. Additionally, malicious actors exploited two other aspects to attract users and generate enthusiasm: the involvement of the Binance exchange, widely utilized in the crypto community, and the promise of airdrops, which naturally attracts users seeking such opportunities. It’s worth noting that, in this case as well, the impersonating accounts have a blue checkmark, further enhancing the deception of the posts.

Image 2 — Deceptive Ad campaigns on the X Platform

To safeguard against these malicious tactics, users should exercise increased caution when encountering posts that are part of an Ad campaign but do not originate from the official account of the specific project. As demonstrated by the examples above, it’s evident that the URLs associated with these Ads are not the official URLs of the Dymension project. Therefore, it’s essential to be wary of clicking on any links and to verify the existence of any ongoing initiatives with the project’s officials. Another method to avoid being targeted by such Ads is to have a Premium+ X account, albeit at a monthly cost.
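The link checks described in sections 1 and 2 can be scripted. The following is an added example, not part of the original article: the allow-list, the sample URLs and the function name `triage` are constructed for illustration, and it assumes the consent link is an X OAuth 2.0 authorization URL that carries a `scope` parameter.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed allow-list: domains the recipient has verified out of band.
# Add a project's official domain here once confirmed with the project itself.
OFFICIAL = {"calendly": {"calendly.com"}, "x": {"x.com", "twitter.com"}}

def _on_domain(host, domain):
    # True for the domain itself or a true subdomain, not for "domain.evil.tld".
    return host == domain or host.endswith("." + domain)

def triage(url, claimed_brand):
    """Return (verdict, detail) for a link that claims to belong to claimed_brand."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so "calendly.com@other.host" resolves
    # to the host the browser would really contact.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return ("reject", "not an https link with a host")
    if host.startswith("xn--") or ".xn--" in host:
        return ("reject", "punycode host, possible homograph")
    # App-consent page on X: report which write permissions the app requests.
    if any(_on_domain(host, d) for d in OFFICIAL["x"]) and "oauth" in parts.path:
        scopes = " ".join(parse_qs(parts.query).get("scope", [])).split()
        risky = sorted(s for s in set(scopes) if s.endswith(".write"))
        if risky:
            return ("consent-write", ",".join(risky))
        return ("consent", "permissions not in link; read the consent screen")
    if any(_on_domain(host, d) for d in OFFICIAL.get(claimed_brand, ())):
        return ("official", host)
    if claimed_brand in host:
        return ("lookalike", host)  # brand name used inside an unrelated domain
    return ("unverified", host)
```

Run it on the URL the browser actually lands on rather than on the link text shown in the message; an `official` verdict only confirms the host, not the intent of whoever sent the link.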

3. Hijacked Official X Accounts

Lastly, members of the Web3 community must exercise heightened scrutiny even when engaging with posts shared by official accounts of the projects they follow. An incident exemplifying this necessity is the recent hijacking of the X account of Trezor, a renowned manufacturer of cryptocurrency hardware wallets. This incident was particularly unfortunate, given that followers would not anticipate a security-focused project suffering such a breach. Subsequently, the Trezor team released a dedicated statement addressing the breach. Investigations revealed that malicious actors successfully posted from the official Trezor X account, employing the tactic outlined in the first section of this article. This involved sharing a malicious Calendly link in an X direct message, enabling unauthorized posting from the official Trezor X account.

Image 3 — Deceptive post shared by hackers from the official Trezor X account

What steps can users take in such a situation? Always question the content posted on X, even if it appears to be from official sources, and refrain from engaging in any activities until multiple official sources have confirmed the legitimacy of the opportunity. It’s crucial to bear in mind that legitimate opportunities will never require you to share your private keys, and that transferring cryptocurrency assets is an irreversible action.

Regrettably, navigating the landscape of online threats has become an ongoing challenge in the dynamic Web3 environment. At Uppsala Security, we’ve developed advanced tools to provide proactive protection against malicious activities such as fraudulent wallet addresses, phishing URLs, and impersonation attempts. One such solution is our UPPward Extension, available for Brave, Chrome, Edge and Firefox browsers, designed to alert users when they’re on the verge of interacting with potential threats.

Furthermore, if you’ve been unfortunate enough to fall victim to hacking, scams, or fraud resulting in the loss of your cryptocurrency assets, our dedicated in-house research team stands ready to assist. We offer comprehensive investigation services aimed at uncovering the details of such incidents and, where possible, facilitating the recovery of stolen assets. If you’ve experienced such a setback, we encourage you to reach out through our Digital Assets Tracking Services.

About Uppsala Security

Uppsala Security is a leading provider of innovative security tools and services, specializing in Crypto Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF), Transaction Risk Management, Regulatory Compliance, and Transaction Tracking. With a team of experts dedicated to staying ahead of emerging threats, Uppsala Security empowers both end-users and organizations with the knowledge and tools to safeguard their operations in the fast-paced world of cryptocurrencies.

Uppsala Security is headquartered in Singapore and has branch offices in Seoul, South Korea. Follow Uppsala Security on Telegram, LinkedIn, Twitter, Facebook and Medium.


Operating on blockchain technology, Sentinel Protocol harnesses collective cyber security intelligence to protect crypto assets against hackers, scams and fraud