Twitter scammers are on a hunting spree for verified accounts. This time it targeted the official Twitter handle of India’s University Grants Commission [UGC] on 10th April. The account which has around 2,96,000 followers was briefly compromised when unidentified hacker/s took control and posted a series of tweets tagging numerous unknown persons across the world.
The fraudsters changed the bio and profile picture replacing them with cartoonish images and promoting a fake Azuki NFT airdrop. After around 6 hours, the official handle send out an update saying the account was restored.
Lately, CryptoTwitter is being hijacked by NFT scammers who are targeting accounts with large followers in an attempt to make a quick buck via Azuki NFTs. They change profile pictures of the compromised account and pose as one of the co-creators of the Azuki project.
The scammers then flood the account with a secret airdrop of Beanz, an NFT drop that was given out to existing Azuki NFT holders. Through the hijacked accounts, the attackers trick people to claim a bean and connect their Ethereum wallets. Once gained entry into their wallets, the fraudsters promptly drain the NFTs from these wallets.
Among the compromised accounts was that of Emily Buder, the Senior Editor at Quanta Magazine. The tweet sent out from her account read,
Shh Secret Airdrop. For the next 24 hours, we are airdropping Beanz to all active NFT traders in the community! The Beanz will no longer be claimable after they have all been airdropped. Good Luck! #Azuki Claim A Bean azuki.team Welcome To The Garden.
Scammers used Phishing emails to hack into verified Twitter accounts
So far, in two confirmed cases, the owners of the compromised Twitter accounts admitted that the hackers could access their accounts through phishing emails, which seemed to originate from Twitter’s support time.
One journalist who wished to remain anonymous said their hacked account sent out over 6,000 tweets. These tweets then tagged several potential victims that the scheme targeted.
This attack rings similar to the ApeCoin [APE] scam, which also promised to airdrop APE to gullible users and saw bad actors walk away with NFTs worth over $1 million.