The giveaway scheme uses the tech titan’s name as
part of Bitcoin addresses for extra credibility
Cryptocurrency giveaway
scams – including those impersonating Tesla and SpaceX boss Elon Musk – have
been making the rounds for quite a few years now. The newest trick up the
fraudsters’ sleeves involves name-dropping Musk into the Bitcoin address
itself, which has helped them fleece victims out of more than US$2 million
worth of bitcoin over the past two months.
In order to make their ruse
seem more trustworthy, con artists use Bitcoin vanity addresses that
incorporate a custom element or word into the address itself. In this case,
it’s the name of the South African-born tech titan: “1MuskSEYstWetqTFn5Au4m4GFg7xJaNVN2”
or “1ELonMUskSEYstWetqTFn5Au4m4GFg7xJaNVN2”
The crooks then ask people
to send digital cash to a bitcoin address under the promise of doubling the sum
as part of a giveaway. However, as you might’ve guessed, the victim won’t see
any of their cryptocurrency ever again.
Justin Lister, CEO of
cyber-security firm Adaptiv, who has been tracking the bitcoin addresses
misusing Musk’s name over the past month, said he was able to track down 66
such addresses. Speaking to ZDNet, he said he was able to identify the addresses
with the aid of BitcoinAbuse, a public database of bitcoin addresses used by
scammers, hackers, and various other cybercriminals. According to Lister, the
66 addresses have received over 201 Bitcoin since their creation in April 2020.
ZDNet was able to identify
an additional 67th address, which has received another 13.9
Bitcoin, bringing the total to some 215 Bitcoin. Based on today’s exchange
rate, this is equivalent to US$2.03 million.
One of the ways these
giveaway scams are organized is through hijacked YouTube accounts with a large
number of followers. These accounts are then rebranded to take the guise of a
celebrity or brand to bolster their credibility and a giveaway live stream is
launched citing an important milestone as a reason for the event. One such
event occurred recently, when SpaceX became the first private company to launch
astronauts into orbit.
Although YouTube is one of
the more popular channels through which these scams are organized, it is by far
not the only one. Cybercriminals have been known to utilize other social media
to spread their scams, including Twitter, which they use to amplify the reach
of their scams using bot networks.
Giveaway scams abusing Elon
Musk’s name or companies, as well as other well-known figures such as Bill
Gates, are nothing new. They have even provoked the ire of Musk himself, who
took to Twitter to share his feelings about the issue earlier this year.
ESET cybersecurity
specialist Jake Moore recommends doing your due diligence if you are
considering in participating: “I suggest all users do background checks as far
as they can including reviews and then further research into the account itself
before parting with any money. This isn’t a case of ‘if it’s too good to be
true, it probably is’, it’s a case of merely don’t be too quick to click.”