Silkenweb Example: Hackernews Clone

Crypto scammers piggybacking Trump’s Twitter, cloning Medium, stealing crypto

59 points by joegaebel 4 years ago | 91 comments

jwcrux 4 years ago
This is a scam that has been going on for years that has adapted its techniques over time.
We used this botnet as a case study back in 2018 when doing analysis on finding Twitter bots at a large scale. You can find the paper here [0] - the cryptocurrency scam botnet starts on page 28. You can also find the talk here [1] where we go into a little more detail. In full irony, someone tried sharing our research on Twitter, and one of the bots replied to the thread trying to spread the scam.
[0] https://duo.com/assets/pdf/Duo-Labs-Dont-At-Me-Twitter-Bots....
[1] https://www.youtube.com/watch?v=bQsRg0VsYoo
- aeternum 4 years ago
  It's very disappointing that Twitter has allowed this to go on for so long. The scam is so successful that it is now attached to pretty much every prominent tweet and drowns out actual replies.
  All it really takes to solve this is better UI. This is costing some users money and making the experience worse for everyone. Sad that Twitter isn't willing to take this seriously.
  - spurdoman77 4 years ago
    Maybe Jack is running the scam as a hobby and doesnt want to kill nice side hobby to stack sats.
pg_bot 4 years ago
This has been going on for quite some time, and I would be embarrassed if I were a part of Twitter's engineering team.
From a technical standpoint these types of scam tweets should be easily identified as spam and the fact that they aren't is damning.
- avian 4 years ago
  It's not just Twitter. Fake SpaceX "live" streams with a couple thousand viewers regularly pop-up in my YouTube recommendations. They're peddling the same kind of crypto scams.
  - extrapickles 4 years ago
    What they typically do is takeover an existing YouTube channel, rename/brand it so it shows up in all of the people who subscribed to the channels feeds.
    It’s even more maddening that there is no way to report that a YouTube channel has been compromised, there are only report options for inappropriate content of various sorts.
coldpie 4 years ago
So cryptocurrency is dead, right? After some brief interest around the middle 2010s, where some vendors actually did accept it, they seem to have all revoked their support for it. All that it seems to be used for now is scams, ransomware, and pump-and-dump schemes.
- JumpCrisscross 4 years ago
  > cryptocurrency is dead, right?
  No, not quite. Total new investment into the space is falling. But it’s nowhere close to zero.
  It will probably never totally die. Instead, like baseball cards or beanie babies, it will atrophy into obscurity.
  There are enough people who have sunk enough into the project—financially, reputationally—that, barring a depression, it will continue to have backers for at least another few decades. As long as Tether doesn’t overplay its hand, prices should keep the illusion going. It’s a cautionary tale regarding the staying power of purposeless institutions.
  - intotheabyss 4 years ago
    You're implying that there are zero use cases for public cryptocurrencies other than as collectibles. This couldn't be further from the truth. There's a thriving decentralized finance ecosystem on Ethereum with more than 10B in value locked away. DeFi is an application that's only made possible because of the existence of an open public smart contract protocol. You're being very disingenuous.
- zeroxfe 4 years ago
  The cryptocurrency space is quite alive, and is thriving. As much as people like to hate on it, the whole space rife with engineering, social, and economic challenges that attract geeks. Unfortunately, it attracts a lot of scammers too.
  - tyre 4 years ago
    The space is thriving in that people are working on it, but I wouldn't say it is thriving in terms of non-crypto people actually using these products.
    It's a pretty self-contained bubble of geeks building things for other geeks. Which isn't not interesting! But the expectations set by the cryptonauts was that this was all going to change the world.
    And then ran face first into the reasons the existing systems work the way that they do, haven't communicated well to "average" people, can't tell a non-theoretical/ideological story of why what they build exists, etc.
    There are some great people working on crypto projects, but I wouldn't say it is thriving. The only mainstream company is Coinbase and they make money based on trading, not any underlying tangible value of the coins.
    - vmception 4 years ago
      > But the expectations set by the cryptonauts was that this was all going to change the world.
      So what?
      "omg this ycombinator founder didn't change the world" said nobody ever
      But mention crypto one time.... I guess it is nice that it is held up to a separate higher standard and captivates the minds of some people willing to help it get there.
      Some people here mentioned a standard about merchant adoption, even to that, so what? thats the least interesting use case, the M0 money supply is small in exchange systems people choose to respect, its panned out the same way in crypto but people decide to make a separate standard of "hey a lot of this is used for speculation! I don't consider that a use case, is it because I'm ignorant of how fiat currencies work, no, can't be".
      There are various services for merchants that shield the merchant from knowing crypto is being used, and various services for consumers (like debit cards) that shield them from needing to directly use crypto. That exists, not a lot of fanfare is needed, if you want to use that you can and don't need to write a whole blog post about it. Its not an interesting use case, no matter how much you felt you needed to quantify its use in that way in order to feel better about it.
      It also works, shrug, onchain (+tx eventually settled onchain) transaction volume is at all time highs and it doesn't even make international news because its not news, as it should be.
  - SQueeeeeL 4 years ago
    Sounds like magic the gathering card econ. Which is super fun! But personally, I definitely don't consider specing into Embercleave a meaningful societal mover
    - jand 4 years ago
      Funny detail: Magic the gathering hits very close to home by accident.
      One of the (back then) dominating bitcoin exchanges used the domain mtgox.com which was an acronym for "magic the gathering online exchange".
    - arcadeparade 4 years ago
      "defi" is an interesting concept that gained a lot of traction over the summer. Over $10 billion in crypto assets has been deposited in various protocols such as Aave which is like a decentralised bank operating on ethereum.
    - dfxm12 4 years ago
      Sounds like magic the gathering card econ.
      Does this mean you can only make real money if you got in at the very beginning?
- pjkundert 4 years ago
  As a Canadian consultant working for US clients, I can assure you — the worst Cryptocurrency usability problems are better than the typical Canada/US wire transfer Banking experience.
  - wmf 4 years ago
    The first time I sent a wire from US to Canada it bounced because I didn't include the street address of the branch where the recipient account was located. The mind boggles.
    - smsm42 4 years ago
      I was always wondering - virtually all money being electronic now, what the heck they are doing with all those branch addresses? I don't even have "branch address" - my account is just numbers, and if I need some live human service, I just walk into any random branch and they are happy to help me.
  - 4 years ago
- smsm42 4 years ago
  It's not dead, but it's not mainstream either. It's a bit like quidditch - there are a bunch of people interested in it, and they have their own ecosystem, but don't expect the Olympic Committee to be calling anytime soon.
  OTOH, the regulators are getting quite serious in recognizing crypto - including reporting requirements and enforcement. The era where it was tiny enough the IRS basically didn't care except for tiny amount of outlier cases is gone.
- miguelmota 4 years ago
  Far from dead. It's been growing rapidly, particularly the decentralized finance (defi) space. Number of transactions has been steadily going up in Ethereum: https://etherscan.io/chart/tx
  - dr-detroit 4 years ago
    As far as a way to remain untraceable (organized crime) or untaxable (the elites) the main use cases for crypto have moved on particularly to things (like designer handbags) that actually accrue value over time and/or are not numbered and tracked publicly.
- seibelj 4 years ago
  BTC is currently $11.5k USD, market cap $200 billion+. This is a valuable asset.
  - coldpie 4 years ago
    Yeah but like, what's it valuable for? It seems like commodity trading, except the commodity that is being traded is who gets stuck holding the bag when it all collapses. There's no real value there.
    - leppr 4 years ago
      It's money not controlled by any single government or entity. It can be exchanged almost as easily as cash. If you don't see the use in that, then good for you, your needs must be met by the existing financial services.
      Personally, I used it to buy electronics in Japan, worked well. Also used it to sell my VR headset in person, because Paypal and our banks didn't allow the transfer. I use it to tip and donate to various online creators with no fuss. It's really quite simple, no need to overthink it.
      Sure, maybe one day the price will crash or the peg fail, but for most intents and purposes it works fine. Monitoring crypto prices and fundamentals is not so bad compared with traditional finance folks having to read through hundreds of all-caps tweets to know how much value the USD will lose this month, or sifting through reddit WSB troll posts to know which stock to buy.
    - jandrese 4 years ago
      It's kind of like asking what Tulip Bulbs are good for. There's a niche use case, but most people are just in it to make money by basically gambling.
    - cryptica 4 years ago
      >> Yeah but like, what's it valuable for?
      It's a deflationary store of value.
      What is Gold valuable for? It's a deflationary store of value (though it does inflate slightly so it's not as good as Bitcoin in that sense).
      Deflationary stores of value are valuable.
      It's the same reason why a battery is valuable if you have solar panels. It captures excess energy from the system and allows you to store it for later use when you actually need it (like at night when the sun doesn't shine).
      When the Fed is printing tons of money, the sun shining... You don't know what to do with all that excess energy. You could buy more electrical appliances to consume that excess electricity (e.g. invest in that hot new startup), but you already have more of them than you know what to do with... You may as well store that excess energy to use later for a rainy day.
    - throw_m239339 4 years ago
      Not a fan of bitcoin here but apparently it helps Venezuelans survive the terrible ordeal they are going through, because they can actually buy stuffs with bitcoin ,get donations to buy food,... thus avoiding US sanctions.
  - bigbubba 4 years ago
    Many things appear to be a valuable asset, right up until the moment they aren't. In mid-2000, Enron stock was a 'valuable asset.'
    - jandrese 4 years ago
      That said a lot of people have grown old waiting for the Bitcoin bubble to burst.
  - MichaelBurge 4 years ago
    At 72.61 terawatt-hours/year and an average electricity cost of 13.19 cents/kilowatt-hour, that's an asset that loses 9.6 billion per year. And if you ever stop wasting electricity, your bitcoin become less valuable.
    https://digiconomist.net/bitcoin-energy-consumption/
    - smsm42 4 years ago
      I think there's a mistake here since crypto is not mined with average electricity. Nobody (at least not at scale) just puts a mining rig in an apartment in the middle of San Francisco. It's mined where it's cheap, so using average residential energy price is hugely misleading. That's like estimating the cost of making a car by summing up the prices of parts and labor at the car dealerships - that's not how the parts are actually procured when making a car!
    - oarsinsync 4 years ago
      > an average electricity cost of 13.19 cents/kilowatt-hour
      Source? The link supplied uses 5 cents/kWh, which is also an assumption on their part that they do not explain either.
      There are lots of reports of 'seasonal mining' occurring in China, where mining operations are occurring in areas with very cheap or completely free electric, generally because the costs of producing the electricity are fixed, rather than scaling up or down with demand (geothermal / hydro / other renewables).
    - Passthepeas 4 years ago
      Vast majority of crypto currency mining is done with excess green energy that would otherwise be rejected by the grid and wasted, as high as 78% by some estimates. https://medium.com/value-of-bitcoin/bitcoins-energy-consumpt...
- cryptica 4 years ago
  I was a Bitcoin skeptic for years so I understand this point of view. This point of view makes sense if you assume that the financial system works properly which is what the vast majority of people still assume.
  The vast majority of people are wrong. The financial system doesn't work; it's easy to exploit. It's no coincidence that many cryptocurrency enthusiasts are hackers; they found vulnerabilities in the system and are exploiting it. In the context of our corrupt, dysfunctional system, the value is solid and price will always go up in the long run.
  Corporations are also exploiting the financial system using many of the same tricks, but cryptocurrencies have the advantage of being completely faceless and totally unaccountable. It's the next phase in the evolution of corporate personhood; which was a horrible but very successful idea. It's all about reducing liability. Whatever financial instrument is best at reducing its liability will win.
  - smsm42 4 years ago
    You seem to be confusing two things - system working and system being un-exploitable. Example - it's pretty easy to shoplift in any of the retail shops. In fact, shoplifting happens all the time. Still, nobody would claim retail model doesn't work because people would just come and shoplift everything and nobody would pay and the retailer would go bust. What actually happens is that vast majority of people do not shoplift, and the retail system works and produces massive profits.
    > but cryptocurrencies have the advantage of being completely faceless and totally unaccountable
    Advantage, but also disadvantage. If a bank cheats you, you have options to complain to regulators, to the police, to the FBI, to you Congress representative finally. It won't work in all cases, but it's an option that's available to you. If a crypto scammer cheats you, well, nobody is accountable. For some people, it's a big issue, because it greatly increases the friction in transactions.
    - cryptica 4 years ago
      This is not true because the bank does cheat me. Has been cheating me for a decade but the police won't do anything about it. If I try to sue the Reserve Bank, the judge will dismiss my case without even hearing the evidence.
      Also, politicians never answer my emails and I did try. I must be living on a different planet.
- KMnO4 4 years ago
  Don't forget anonymous payments. Lots of vendors selling legally questionable (or illegal) things only take cryptocurrencies. I see that as a huge boon for these industries, who would otherwise have to figure out credit card processing, bank transfers, or being repeatedly shut down by Paypal/Venmo/etc.
  - floatboth 4 years ago
    Not anonymous (mainstream creeptocurrencies are traceable by design!) but censorship resistant. Yes, this is the ONLY use case for the buttcoins.
    The problem is that for every successful weed and nudes sale there's a million ransomware attacks, scam calls, and absolutely fraudulent "investments".
    - Passthepeas 4 years ago
      completely false, privacy coins command billions of dollars in market cap, Monero alone is currently worth 2.2 billion and will likely continue to grow.
- crumbshot 4 years ago
  Not quite, it still has one positive use case: buying drugs (and other similarly prohibited items) off the dark web.
  And there remains plenty of interest in academia, there are still many fascinating areas of research in this space.
- Shared404 4 years ago
  Newegg at least still accepts it. I believe Humble does as well, but I don't know that.
- thom 4 years ago
  Yes but the _appetite_ for these scams is seemingly infinite, so crypto seems far from dead.
- jMyles 4 years ago
  One data point: we're launching the NuCypher Ursula service on ethereum mainnet tonight at UTC midnight. So, quite far from dead in some people's minds. :-)
- 4 years ago
- trident1000 4 years ago
  Theres people who use it for certain things, like PornHub just started accepting BTC payments.
  But there has never been more institutional and high net worth interest in BTC than now as a value store and adoption for a global reserve currency (we can see this from the institutional gateway inflows). Some recent examples: Microstrategy invested $425 million in BTC over treasuries. Twitter bought $50 million the other week (and Jack Dorsey owns BTC personally). Paul Tudor Jones bought in with about 2% of his total assets. Its gaining traction in this area as a value store.
  - SQueeeeeL 4 years ago
    Wait, that sounds like fraud. The CEO of a company had the company he runs buy into a limited asset he also owns...
    Gg society, the fact that we're talking this up like it's a good thing means most of us deserve to be poor af
    - oarsinsync 4 years ago
      It's only (potential) fraud if he doesn't disclose his stake as a potential conflict of interest.
      I'm not suggesting that Twitter investing in BTC is or isn't a good thing, but the CEO having a personal stake should not prevent the company from investing if there's suitable expectation of positive returns for the business.
    - trident1000 4 years ago
      Sounds a little dramatic (especially since 50 million isnt moving the price single handedly). Also stock buybacks are essentially the same thing (if you were to call it a conflict of interest) and almost every company in existence does that.
- cryptica 4 years ago
  The idea that the financial system works seems to be a contradiction when you consider that cryptocurrencies (which exist within that system) have been performing extremely well for over a decade. If scams can thrive so well in our system (to the point of becoming worth hundreds of billions of dollars), then how do we know that the biggest corporations are not scams too? How do we know they're not all empty shells? Their earnings (P/E ratios) are very low... And on top of that, I would question the source and legitimacy of these modest earnings.
  What kind of system allows scams of this scale to thrive for over a decade? What kind of system supports bailouts of big corporations every few years? Corruption of the media? Corruption of politics? I don't think any of these fit the description of a 'working system'.
  EDIT And what kind of system supports downvoting (thus trying to censor) such a logical comment as this one?
fortran77 4 years ago
Why are "crypto" people so willing to believe that "Elon Musk" is offering to double their money?
- bigbubba 4 years ago
  People who are desperate are easier to scam because they 'want to believe.' They're looking for miracles because they think that's all they could hope for. I think it's less a matter of crypto people being gullible and more a matter of desperate people being gullible and consequently becoming crypto people. Organized religions often target the same demographic for the same reason. Born-again preachers love reaching out to broken junkies and alcoholics.
- shoes_for_thee 4 years ago
  I am also puzzled about the intersection of people savvy enough to own bitcoin and dumb enough to think musk is gonna give them free money.
  - nkrisc 4 years ago
    Considering the conversations I overheard about "crypto" in 2018, I'm not entirely surprised. There's a lot of gullible people who bought Bitcoin or Ethereum expecting to get rich.
- wmf 4 years ago
  Are these scams hitting "crypto people" or noobs who buy some BTC just to get in on the scam? The gift card scams aren't targeting existing gift cards; they tell people to go out and buy gift cards.
- Xavdidtheshadow 4 years ago
  Because it's almost plausible? He's an eccentric billionaire known for his erratic behavior. Maybe one day he really does decide to shower the masses with a paltry (for him) $100k of Bitcoin. "It's weird and tech-y, just like him!"
  - roywiggins 4 years ago
    It's just a slight update on the Bill Gates chain-letter emails from the 90s.
- smsm42 4 years ago
  In the last "doubling" scam I've seen a lot of people literally saying "I don't really believe it but the sum is low enough I'd send it anyway just to see what happens". Get a million of those, and you have some money. I personally don't understand what moves those people but I guess I have to recognize they exist.
- 4 years ago
smsm42 4 years ago
So the new thing is that hacking bluecheck account basically gets official Twitter stamp of approval on anything on that twitter account. And since display name and bio can be easily changed, basically the only think bluecheck is confirming is that the handle at one time belonged to a real person. And if somebody chooses a "witty" handle which does not identify the person clearly, you won't even know which one.
4 years ago
vmception 4 years ago
Welcome to 2 years ago.
Can someone help me here, how do these alarmist articles pop up occassionally as if this hasn't been happening for years.
Why does my twitter experience, logged out, consistently show me the fake crypto scams as the first response to any public figure, with heavy activity and evolving responses, while others get to act like they've never seen this before and must warn everyone.
Any theories?
One theory I have is that most people actually falling for these don't talk about it. Similar to most scams, people just feel too dumb.
benvineyard 4 years ago
I'm seeing an increase in Youtube scams as well where 5k bitcoins are "given away". The video and content look very legit and casual content browsers are easily susceptible.
1MachineElf 4 years ago
I didn't realize this was still going on. Saw one of these posts in like 2017 under the handle @elonmvsk. Sad it's still happening.
sat_nam 4 years ago
I observed something similar that began earlier this year. I wrote about it on the Tenable blog. They impersonate many of the people following Trump and engaging with his tweets, irrespective of party affiliation.
https://www.tenable.com/blog/cryptocurrency-scams-fake-givea...
- joegaebel 4 years ago
  Wow, amazing. I had no idea it was so prevalent. Thanks for writing this up!
hooper2019 4 years ago
Can the victims of scam get their money back? Yes, if you have fallen victim to scam from an unregulated investment platform or any scam at ll then are eligible to recover what was stolen from you and this can only happen if this is reported to the right people. With the right approach and with evidence, you will get what you lost back. Those behind these unregulated platforms will likely want to sell the idea that what happened to your investment was an unfortunate occurrence when in reality what happened was theft via elaborate means. If you are a victim or you know any one who is a victim of these occurrences, you should know there are people who can help you. Simply search (corecrypto tech-cryptocurrency recovery) on google just the way it is in that bracket. It is never too late if you have the right information, your sanity can be restored.
aokiji 4 years ago
Loving the army of shills attacking the use of crypto. I wonder if the changes that were imposed on Jack Dorsey's (and his ability to stay in the board of) Twitter were just aimed at subverting the propagation of crypto.
The central banking mafia runs deep.