X users at risk as crypto scammers exploit new design flaw
Crypto scammers have found a new way to abuse X interface to propagate scams, fake giveaways, and deceptive Telegram channels.
As reported by BleepingComputer, fraudsters have started actively taking advantage of what appears to be a user interface flaw, enabling them to create seemingly legitimate URLs containing malicious content.
This flaw, initially identified by X user @rcwht_, empowers scammers to publish tweets that mimic those from authentic accounts.
Interesting scam crypto-related tweets. Link looks like it should direct to binance, but actually direct to some scammy account.
Been tagged in two of these and they both use https://t.co/2HhH3FW3nT – anyone know whats going on here? pic.twitter.com/NVtFkm12d6
— Rob White (@rcwht_) December 17, 2023
According to BleepingComputer, scammers can change the status_id field, while putting the legitimate tag in the account_name field. For instance:
- https://x.com/[account_name]/status/[status_id]
- would look like
- https://x.com/itscrypto_news/status/1736650221243826564
In the example above, the link would be displayed as if it were posted by crypto.news. However, when a user opens the link, it redirects them to Elon Musk‘s post as the status ID fetches the corresponding post from the website’s database without verifying if the post is linked to the account_name field.
You might also like: Scammers exploit Bitcoin ETF hype with fake IBTC token
The vulnerability apparently allows scammers to modify the account name, even for high-profile accounts. As a result, fraudsters have been exploiting the flaw for a few weeks now, targeting crypto-related accounts such as Binance, Ethereum Foundation, and many others with fake airdrops, security researcher MalwareHunterTeam told BleepingComputer.
Given that this redirect is a standard X feature, it is unlikely to change for enhanced security, the report notes. Consequently, users are advised to scrutinize the address bar when clicking on X links to confirm they are visiting the intended tweet without redirection.