(Bloomberg Businessweek) -- If you wanted proof that crypto scams have gone mainstream, look no further than our Twitter accounts, @LilyKatz and @olgakharif. During the first three weeks of May, fraudsters copied our pages, including profile photos, to push Ether swindles onto our 17,000 collective followers. And in spite of multiple requests to Twitter Inc. to have them removed, at least one of our doppelgängers—and a host of other bot-driven fakes targeting individuals and companies—are still out there offering unbelievable deals. “Setting up a bot is easy-peasy,” says Roger Kay, president of Endpoint Technologies Associates. “The sign-up probably takes longer than the programming.”
Twitter is a hotbed of crypto gossip and one of the preferred places for promoters to hawk their products, so it makes sense that scammers are crowding onto the platform. We discovered @LilyKatz5 first, after the impostor tweeted at the real account’s followers with a promise of up to 100 Ether to anyone who sent in a small quantity of cryptocurrency. Twitter shut down the copycat once Lily uploaded a photo of her passport as proof of her identity, but that’s a step many privacy-minded users don’t feel comfortable taking.
Then the digital grifters got smarter: Two weeks later, another fraudster using Lily’s photo and name, with the handle @subidetu4692, first blocked her so she wouldn’t see the tweets, then spammed her followers with too-good-to-be-true Ether offers. Lily didn’t know about the tweets until a fellow reporter alerted her. A quick look at the blockchain suggests that the scammer has made progress; the account linked to @subidetu4692 received Ether in 10 separate transactions over the past couple of weeks, typically in amounts of 0.5 to 1.
Olga discovered her evil twin on May 10, when @o1gakharif tweeted at her to try to reach her followers, touting Ether offers. She twice notified Twitter on its website but didn’t feel comfortable sharing personal documents online to prove her identity. Neither did Lily on her second go-round. We’ve both since worked with Twitter to become verified without having to share our private documents. Twitter suspended the second counterfeit Lily account on May 22, about a week after it first tweeted scams targeted at her followers. Olga’s spoof account was still up as of that date.
Elon Musk and Ethereum co-founder Vitalik Buterin are among the more prominent public figures targeted by the bot army. Since cryptocurrencies have grabbed the public’s attention, Twitter has become a free forum for people to hype their offerings, says the Texas State Securities Board’s Joe Rotunda, whose enforcement division is cracking down on scammers. “Promoters of cryptocurrency offerings typically don’t employ a sales force,” he says. “The business model simply doesn’t contemplate boiler rooms and call centers, where telemarketers frantically dial for dollars.”
As day traders and newbies sift through posts to try to find the next coin that will surge 1,000 percent in a week, screaming headlines can grab them, and the fear of missing out may lead to poor choices. And unlike credit card transactions or most other payments, coin transfers usually can’t be reversed, says Luke McNamara, a principal analyst at FireEye Inc. “This is a space where individuals are responsible for their own security,” he says. “That’s why we’ve seen so many bad actors gravitating into this space.” There isn’t much hard data to quantify the extent of the spoofing, but Lex Sokolin, global director of fintech strategy at Autonomous Research, estimates the rate of phishing likely reaches up to 5 percent of all crypto-related conversations on Twitter.
Twitter says it’s aware of the problem and is working on fixes, according to an email from a spokesman. Over the past few months the company has cracked down on bots by limiting users’ ability to perform coordinated posts across multiple accounts, which could mean a bot is at work. At the Consensus 2018 conference in May, crypto entrepreneur Elizabeth Stark jokingly warned Twitter Chief Executive Officer Jack Dorsey onstage that she wasn’t giving away any free Ether. He promised her the company is “trying to fight scams.”
Individuals are doing their part, too. Buterin has since inserted a disclaimer into his handle stating he’s not giving away Ether. Many cryptocurrency exchanges, including Coinbase, have also issued warnings. But some observers say Twitter, looking to hold on to its average 336 million monthly active users, may not have enough incentive to dump the fakers. “My impression is that Twitter could do much more,” says Endpoint Technologies’ Kay. “The problem is that cleaning up the platform is detrimental to its business model.” To address problems of spam and bots, Twitter has made more than 30 changes to its product, policies, and operations in the past 16 months, and its systems are already identifying and reviewing more than 6 million suspicious accounts per week, said an email from the company.
People like Zooko Wilcox want to see more help from Twitter in the war on bots. “It’s not something we can solve ourselves,” says the founder of Zcash Co., which supports the network running the Zcash token. He too has been impersonated by scammers, and as he sees it, the process for getting rid of them is too invasive and time-consuming, and it’s too easy for them to create more bogus handles. In the meantime, don’t send anyone Ether on our say-so; it’s definitely a scam.
©2018 Bloomberg L.P.