Twitter Scammers Are Hijacking Verified Accounts for Fake Azuki NFT Airdrop

In brief

  • Twitter users that claim to be affiliated with the Azuki NFT project are scamming people and stealing NFTs from their wallets.
  • The scammers are hijacking the accounts of verified users, including some journalists, to perpetrate the scheme.

Twitter users beware: if you’ve been tagged in a thread about an amazing opportunity for free Azuki NFTs, do not click the link and connect your Ethereum wallet. It’s likely part of a recent scam, and it is not an official initiative from the creators of Azuki.

Scammers are hijacking the accounts of verified Twitter users, including journalists and media professionals, and then changing the profile text and images to suggest that the account belongs to one of the co-creators of the popular Azuki project (the real founders at Chiru Labs all use pseudonyms).

From there, the scammer tweets out a link promising a “secret airdrop” of Beanz, the NFT drop that was given out free only to existing Azuki NFT holders last week. The tweet suggests that NFT collectors in the community should click the link to “claim a bean,” and then they are prompted to connect an Ethereum wallet as part of the fraudulent scheme.

Ultimately, what appears to happen is that people who connect a wallet to the site are having NFTs stolen from their respective wallets. They receive no Beanz NFTs and nothing else in return.

A screenshot of the type of tweet used in the scam, which also included an image of a Beanz NFT. Image: Twitter

In at least two cases, the journalist in question had their account compromised via a phishing email that was claimed to be sent by Twitter’s support team. One journalist, who spoke to Decrypt under the condition of anonymity, said that their account had sent out more than 6,000 tweets, with nearly all of them tagging several potential victims for the scheme.

The Azuki-themed scam is very similar in approach to a recent one surrounding ApeCoin (APE), the Ethereum-based token created for the budding Web3 ecosystem that’s being built around Yuga Labs’ Bored Ape Yacht Club NFT project.

In March, more than $1 million worth of NFTs were reportedly stolen from collectors who interacted with a Twitter scam, which promised to airdrop a bounty of ApeCoin tokens to users. However, when someone connected a wallet, the scammers likewise stole NFTs that were within the wallet—including Bored Ape and Mutant Ape Yacht Club collectibles, in some cases.

Much like the Azuki scam, the ApeCoin scammers hijacked the Twitter accounts of verified users, including journalists, and claimed to be founders of Yuga Labs and the Bored Ape Yacht Club. Curiously, some of the ApeCoin scam victims claimed that they did not connect their wallet at the listed website, yet still said that their NFTs were stolen.

By using stolen verified Twitter accounts, the scammers have been able to convince some NFT collectors to interact with their scheme. In some cases, people have responded to the tweets openly asking why Twitter would verify a scammer, but it’s the other way around: a scammer had stolen a verified account to give the appearance of being reputable.

In both cases, it should be made clear that the real creators of the Bored Ape Yacht Club and Azuki NFT projects are not behind these scams. ApeCoin was only airdropped—or sent to NFT holders’ wallets—to existing Bored Ape holders, while Beans have only been airdropped to Azuki NFT holders. Those are exclusive benefits for owners of these valuable NFT collectibles.

An NFT acts like a deed of ownership to a unique digital item, and the wider market yielded some $25 billion worth of trading volume in 2021 alone—and over $12 billion more in the first quarter of this year. Popular NFT use cases include profile pictures (like Azuki), sports collectibles, interactive video game items, and more.

The extent of the overall damage from the Azuki scam is currently unclear. The journalist that Decrypt spoke to said that once they recovered their Twitter account, they received numerous direct messages from people who had been scammed and were requesting their stolen NFTs back. The journalist no longer had the DMs to share with Decrypt.

One of the media professionals most recently affected by the scam was Emily Buder, head of video at Quanta Magazine, whose account was apparently hijacked today. As the screenshot above shows, her profile kept her real name intact, but listed her as a co-creator of Azuki, as well as a former artist for the video game Overwatch.

This account was hijacked and made to look like that of an Azuki co-creator. Image: Twitter

Whoever was controlling Buder’s account at the time tweeted out the scam and then proceeded to tag thousands and thousands of people in a subsequent thread of tweets. The fraudulent Azuki branding and imagery have since been removed from the account, but the tweets remain visible as of this writing.

Decrypt emailed Buder for additional info on the attack but did not hear back. Decrypt also reached out to Twitter for comment about the Azuki-themed NFT scam and rising overall examples of NFT-related scams on the platform. A Twitter representative confirmed that the company is “aware of and actively working on a solution to combat” these scams.

Azuki is one of the most popular new NFT projects to launch so far in 2022, generating about $563 million worth of secondary market trading volume since its January launch, per data from CryptoSlam. A single Azuki NFT sold for a record $1.42 million last week. The Beanz NFTs, meanwhile, have already seen $60 million in trading volume since last week’s airdrop.

Editor’s note: This article was updated after publication to include comments from a Twitter representative.

The best of Decrypt straight to your inbox.

Get the top stories curated daily, weekly roundups & deep dives straight to your inbox.

Source: https://decrypt.co/97334/twitter-scammers-hijacking-verified-accounts-fake-azuki-nft-airdrop