This article was published on August 14, 2018

Twitter is now recommending users follow cryptocurrency scambots

Its algorithm is pointing users in the wrong direction



Despite constant pressure to ban them, it appears Twitter is actively contributing to the cryptocurrency scam epidemic on its platform and encouraging users to follow obvious scambot accounts.

The social media giant was caught recommending a suspicious account impersonating Tesla CEO Elon Musk, as spotted by security researcher Troy Mursch. The fake account even bears his name, something that was meant to be stamped out weeks ago.

Upon a closer look, Hard Fork was able to confirm the account was spreading links to a fake Ethereum giveaway – a popular new scam tactic. The link was hosted on Medium, but it has since been removed.


The more concerning part is that Twitter’s scambot recommendation is not an isolated incident.

The algorithm seems to be promoting blatant scam accounts to its users, as pointed out by Mursch and corroborated by Hard Fork.

We have since been able to confirm some of the recommended accounts were distributing links to fake Ethereum and Bitcoin giveaways – sometimes disguised as “official” initiatives by legitimate companies.

Among others, the list of impersonated companies includes Coinbase, TRON, Binance, Tesla, and SpaceX.

While all fake Medium posts we could find were wiped, some of the malicious links on Russian Google rival Yandex were still active.

However, the wallet addresses included in the Yandex posts were broken, which makes it difficult to gauge how much traction the links were getting in the first place.

For the record, researchers recently found out there is a 15,000-strong scambot army plaguing Twitter. Their success has been documented, too. Back in February, BleepingComputer reported that a group of Twitter scammers were raking in $5,000 worth of Ethereum every night.

More recently, Chepicap interviewed someone running a spambot who claimed that it generated 100-200 ETH every day (around $40,000). Even a bad day was worth around 50 ETH ($13,000).

Twitter was meant to be taking the giveaway spambot epidemic seriously. Towards the end of June, Twitter CEO Jack Dorsey reassured users that the company would be doing everything in its power to eradicate the scams. A wordy blog post was even shared that supposedly showed it meant business.

It was only a short time later that Elon Musk was praising the resilience of the bots, so I guess he’s not really all that mad that his name has been hijacked by the botnet. Ethereum creator Vitalik Buterin lamented this and even begged for Dorsey’s help.

So what’s the deal, Twitter? Are you going to take care of this outbreak – or should we all start following the bots?
