How to Identify Cryptocurrency Scams
Spot crypto fraud using social media analysis and blockchain forensics. This tutorial will quickly elevate your investigation skills.
The popularity of cryptocurrencies has increased over the last few months, and that's good for the crypto community. However, as popularity grows, more scams start to appear. Criminals take advantage of inexperienced investors and naive people who want easy gains. That's why people need to educate themselves on how to avoid fraudsters.
This article describes two scams. The first one involves good old Bitcoin and Ethereum. The second one is about the newly announced Libra cryptocurrency.
Bitcoin and Ethereum scam
Twitter analysis
In this scam, criminals created several websites and promoted them on Twitter. Sock accounts had similar usernames as they were generated with a script. Here are some examples: ShawnaS80706756, BrendaT27686862, Felicia65639086, Dominiq77363655 — the pattern is obvious.
One of the common schemes is to create an army of fake Twitter accounts and promote a scam by replying to influential Twitter accounts. How do you spot fake Twitter accounts? It's pretty simple, as scammers usually don't put much effort into sock accounts. In most cases, a fake account meets these criteria:
- Was created recently.
- Doesn’t have a large activity history.
- Uses a fake picture or doesn’t use it at all.
Let’s take a look at the account below; it looks like scammers didn’t care about making it authentic at all.
All of these fake accounts present as female, which is common practice for fraudsters. There is a reason for it: there are twice as many men as women in the cryptocurrency space, so pictures of pretty women are more appealing to the male audience.
Results of the image search showed that the picture is used by dozens of different accounts. Therefore, it was just reused by this Twitter account. The same goes for the other fake accounts: they all use images stolen from somebody else.
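The signals described above (script-like handle, recent creation, thin activity history, missing or reused picture) can be combined into a simple triage check. This is an added example, not part of the original article; the record fields, thresholds and every sample value except the handles are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import date

# Handle shape seen in the article's examples: a capitalised name fragment
# followed by exactly eight digits (e.g. ShawnaS80706756).
GENERATED_HANDLE = re.compile(r"^[A-Z][A-Za-z]{3,9}\d{8}$")

def score_accounts(accounts, today, max_age_days=30, min_tweets=20):
    """Return {handle: [reasons]} listing which of the article's signals fire.

    max_age_days and min_tweets are assumed thresholds; tune them to your data.
    """
    # An avatar hash shared by several accounts suggests a reused picture.
    avatar_counts = Counter(a["avatar_hash"] for a in accounts if a["avatar_hash"])
    report = {}
    for a in accounts:
        reasons = []
        if GENERATED_HANDLE.match(a["handle"]):
            reasons.append("generated-looking handle")
        if (today - a["created"]).days <= max_age_days:
            reasons.append("created recently")
        if a["tweets"] < min_tweets:
            reasons.append("little activity history")
        if a["avatar_hash"] is None:
            reasons.append("no profile picture")
        elif avatar_counts[a["avatar_hash"]] > 1:
            reasons.append("profile picture shared with other accounts")
        report[a["handle"]] = reasons
    return report

# Constructed sample records; only the first three handles come from the article.
SAMPLE = [
    {"handle": "ShawnaS80706756", "created": date(2019, 6, 20), "tweets": 3, "avatar_hash": "aaaa"},
    {"handle": "BrendaT27686862", "created": date(2019, 6, 21), "tweets": 5, "avatar_hash": "aaaa"},
    {"handle": "Felicia65639086", "created": date(2019, 6, 21), "tweets": 1, "avatar_hash": None},
    {"handle": "long_time_user", "created": date(2012, 3, 1), "tweets": 4200, "avatar_hash": "bbbb"},
]

if __name__ == "__main__":
    for handle, reasons in score_accounts(SAMPLE, today=date(2019, 7, 1)).items():
        print(f"{handle}: {len(reasons)} signal(s) {reasons}")
```

No single signal is conclusive on its own; several firing together on accounts that reply with the same link is what makes the pattern stand out.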
Looking at the screenshots, you may notice inconsistent padding. The second and third images have different padding between the tweet text and the retweets/likes bar. If the images were larger, it would be noticeable how badly the icons are aligned with the numbers. That's because they were edited. Image forensics proves these elements were copied. Below is a clone detection analysis, run on Forensically.
Fake replies and activity statistics were added to make it more persuasive. A real tweet would never get positive replies from influential people; that's why scammers create fake screenshots. Several images were generated from one template, which is probably the reason for such heavy editing.
Blockchain forensics
Fake accounts on Twitter were promoting crypto-promo.com to lure victims into the scam. The design of the website is common for this type of scam: a wallet address with instructions at the top and fake transactions at the bottom. More details about the website are on urlscan.io.
After loading, the “BTC left” status bar shows a decreasing amount of BTC. This is just a script that exploits our fear of missing out. If you see something like this, reload the page or clear the cache and it will start over.
The site shows 7278862 completed transactions to build trust and create urgency. The transaction list is nothing more than the output of a fake script. Checking that Bitcoin address in a block explorer proves it.
As observed, there were only 9 transactions to the criminal’s wallet (not 7278862). The fake script is there to trick visitors into following the “crowd”, exploiting the group instinct.
The visualization above was made with Orbit, an open-source tool for investigating blockchain transactions. According to the block explorer, there are 10 transactions, but there are more nodes in the image. That’s because one transaction can have more than one input or output. The highlighted node is the address where the criminals moved the Bitcoins (last transaction).
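The check described above, written out as an added example that is not part of the original article: compare the count a site claims with what the ledger shows for the address, and see why the graph has more nodes than transactions. The addresses and transactions are placeholders constructed for illustration (nine payments in, one transaction out), not the real data, and the record layout is an assumption.

```python
# Constructed sample data, not the real transactions from the article: nine
# payments into a placeholder scam address, then one transaction moving funds out.
SCAM = "SCAM_ADDRESS_PLACEHOLDER"
TXS = [
    {"txid": f"tx{i}", "inputs": [f"victim{i}"], "outputs": [SCAM, f"change{i}"]}
    for i in range(1, 9)
]
# One transaction can spend from several inputs at once.
TXS.append({"txid": "tx9", "inputs": ["victim9a", "victim9b"], "outputs": [SCAM]})
TXS.append({"txid": "tx10", "inputs": [SCAM], "outputs": ["NEXT_HOP_PLACEHOLDER"]})

def summarize(txs, address, claimed_count):
    """Compare a site's claimed transaction count with what the ledger shows."""
    touching = [t for t in txs if address in t["inputs"] or address in t["outputs"]]
    incoming = [t for t in touching if address in t["outputs"]]
    outgoing = [t for t in touching if address in t["inputs"]]
    # Every distinct address in those transactions becomes a node in the graph,
    # so the node count can exceed the transaction count.
    nodes = {a for t in touching for a in t["inputs"] + t["outputs"]}
    # Where the funds went: outputs of outgoing transactions, minus the address itself.
    next_hops = sorted({o for t in outgoing for o in t["outputs"]} - {address})
    return {
        "transactions": len(touching),
        "incoming": len(incoming),
        "outgoing": len(outgoing),
        "graph_nodes": len(nodes),
        "next_hops": next_hops,
        "claim_matches_ledger": claimed_count == len(incoming),
    }

if __name__ == "__main__":
    # 7278862 is the figure the scam page displayed, per the article.
    for key, value in summarize(TXS, SCAM, claimed_count=7278862).items():
        print(f"{key}: {value}")
```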
Another fraud involved an Ethereum address. The website has been taken down at the moment, but information about it can still be obtained on urlscan.io.
Poor design, grammar errors and an unrealistic promise to get x10 in profit make it look sketchy. But still, people fell for the scam and sent Ether to the criminals. The following transaction diagram with the fraudulent wallet at the center was made in bloxy.info.
Libra scam
Recently, Facebook announced its cryptocurrency called Libra, and it quickly made news headlines. Although Libra is coming in 2020 and so far is only on the testnet, scammers decided to exploit the hype. They created a Libra “pre-sale” website. More details about the website are on urlscan.io.
The website was also promoted on bitcointalk.org.
Whenever you see unverified accounts posting, don’t fall for the promises and do some research. One of the simplest ways to check is to search Google using advanced search queries. Besides, according to whois.com, the website was registered on 2019-06-24, so maybe someone added it to blacklists.
To conclude, cryptocurrencies are evolving and new scams are going to appear. Stay safe and always do some due diligence before investing. Also, if you spot a scam, report it so others don't fall for the fraud.