Researchers discover evasive crypto “giveaway” scam on Twitter

Posted: 8 August 2018 4:20 am
botnet small
{"theme":"dark","direction":"horizontal","showArrows":true,"splitTitle":true,"playerOptions":{"captions":true,"popupOnScroll":true,"subscribe":{"title":"Subscribe","url":"","visibleOnMain":true,"visibleOnPopup":true}},"active":{"index":0,"start":16,"end":null,"thumb":"","thumbAnimation":"kenburns-top-right","heading":{"small":"WATCH","large":"Is now the time to buy crypto, or sell?"}},"yt":{"method":"videos","params":{"id":"7ejU16_Vres,5QRT3QEUWqE,pr-4M1quTf8,aDZeO12uG8w,ovD5wKcfPpg"}},"banner":true}

The scam was made up of at least 15,000 bots, used to spread a link to a fake cryptocurrency handout.

A team of researchers has exposed an intricate botnet scam operating on social media platform Twitter.

Duo Security researchers identified the scam by analysing a dataset of more than 88 million Twitter accounts between May and July 2018. The team processed these APIs in a machine learning model to detect bots.

The security software firm's principal R&D engineer Jordan Wright and data scientist Olabode Anise released a report entitled Don't @ Me: Hunting Twitter Bots at Scale, which expounds upon their findings in detail.

Using practical data science techniques to flesh out autonomous profiles, researchers found the scam was comprised of at least 15,000 bots in a "unique three-tiered hierarchical structure", according to the report.

juicy crypto words

The report found that genuine accounts had a higher average measure of account activity (i.e. number of tweets per day), compared to bots. Genuine accounts averaged 11.3 tweets per day and 3.78 favourites per day.

Additionally, the giveaway bots had a distinguishable number of characters at the end of their screen names.

"The typical operation of the bots involved first creating a spoofed account for a legitimate cryptocurrency-affiliated account," the report revealed. "This spoofed account would have (what appeared to be) a randomly-generated screen name, and would copy the name and profile picture of the legitimate account."

"To spread the spam, the bot would reply to a real tweet posted by the legitimate account. This reply would contain a link inviting the victim to take part in a cryptocurrency giveaway."

Duo Security learned that "hub accounts" were set up and followed by bots in an attempt to feign legitimacy. The botnet scam also employed "amplification bots" to increase the number of likes for tweets posted by bots.

Uncovering this process helped the research team to unravel the entire botnet structure.

How to spot and avoid a cryptocurrency scam

As Duo Security carried out its research, Twitter announced that the company was taking a more proactive approach against automated spam and malicious content that exists on its platform. The social media giant identifies and challenges in excess of 9.9 million potentially spam or automated accounts per week.

"We're hopeful that these increased investments will be effective in combating spam and malicious content, however, we don’t consider the problem solved," Duo Security said. "The case study presented in this paper demonstrates that organized botnets are still active and can be discovered with straightforward analysis."

The team has released an open-source system which was used to gather account, tweet and social network data. The information was liberated to assist the community of security researchers to build upon Duo's efforts.

Google, Facebook and Twitter have all banned cryptocurrency advertising, while both Facebook and Twitter are following it up with a so-far unsuccessful war on scammers. As traditional avenues close, untrustworthy, or unintentionally shady, actors are taking it to the physical world and other corners of the digital space.

You can learn all about different exchanges, understand exactly how to buy and sell cryptocurrencies, calculate your taxes, discover digital wallets to hold assets and explore a list of all the alternative coins on the market.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Get into cryptocurrency

Ask an Expert

You are about to post a question on

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Go to site