As the cryptocurrency market experiences growing pains, cybercriminals continue to dupe inexperienced investors. A recent example is a phishing scam targeting the Bee Token ICO, resulting in a lot of stolen Ethereum.
Phishing for Honey
Over $1 million worth of Ethereum tokens has been stolen by cybercriminals posing as Bee Token, a cryptocurrency startup with hopes of revolutionizing the home sharing industry by way of the blockchain.
Bee Token officially confirmed the phishing attacks via its official Twitter and Medium accounts.
This is a fake/scam email. Please disregard it. https://t.co/CzhhGvoFl6
— The Bee Token (@thebeetoken) January 31, 2018
The coordinated attack was launched alongside the official launch of Bee Token’s initial coin offering (ICO).
ICOs have already been called out for putting inexperienced investors at a greater risk than those already accustomed to spotting scams, and this example helps validate that argument.
Bee Token has since come under heat for potentially failing to protect its users’ data by allowing email addresses to fall into the wrong hands, despite CEO Jonathan Chou’s claim that “We are not at risk of exposing all of our customers’ data in one go if there is a security breach.”
Targeted investors have taken to social media to share examples of the fraudulent emails in circulation.
— SolidCrypto (@Solid_Crypto_) January 31, 2018
Furthermore, the company officially stated:
Please note that we will NEVER EVER communicate an Ethereum address through an email or Direct Message to you via Telegram[…]We will NOT be using any QR codes in our communications. We will also NOT be giving 100% bonuses and we will NOT accept more than 0.3 ETH for the first 24 hours of our Token Generation Event. In addition, we will NOT be partnering with Microsoft.
Bee Token also encourages its investors to report any and all suspicious activity.
Will the Real Charlie Lee Please Stand Up?
Fraudulent Bee Token imposters aren’t the only cybercriminals claiming to be someone else.
Fake Twitter accounts have run rampant as of late, with many cybercriminals posing as Litecoin founder Charlie Lee, Ethereum co-founder Vitalik Buterin, and Tron (TRX) founder Justin Sun. The accounts in question often change one or more letters from the real individual’s username, while creating the exact same display name and profile image.
Fraudulent Twitter accounts are almost unanimous in the fact that they all claim to send large amounts of cryptocurrency to individuals in exchange for a lesser amount, which must be sent to a specific address.
Both Buterin and Sun have called upon their followers to report fake accounts.
TIL that the # of ways to alter my name via a single addition, substitution, swap or deletion is 827 (753 if adjacent swap only)
Whack a mole to stop scam accts is NOT working….. we need enforcement of Levenshtein-Damerau distance b/w accounts (or a better reputation system)
— Vitalik Buterin (@VitalikButerin) January 31, 2018
Everyone please report this fake account. https://t.co/GSMD8z5LWr
— Justin Sun (@justinsuntron) December 16, 2017
Fraudulent accounts can easily be distinguished from the real deal by their relatively small number of followers and lack of official verification.
If you see something, say something—and report scam accounts wherever you see them.
Have you spotted scam accounts on Twitter? If so, do you report them? Let us know in the comments below!
Images courtesy of Shutterstock, Twitter/@thebeetoken, Twitter/@Solid_Crypto_, Twitter/@VitalikButerin, and Twitter/@justinsuntron.