Twitter scam: Ethereum / BasicAttentionToken “giveaway”

I’m a big fan of the Brave browser and BasicAttentionToken — an innovative idea to radically improve the web. And so I was excited to see their (legit) tweet. My startup Public.Law is a verified publisher, and I’m investigated the partnership program:

It’s awesome to see the new digital ad program getting testing. Following this tweet, Twitter displays these:

Screen Shot 2018-05-03 at 12.16.28 PM

E-coin faucets have been around for a while, and I’ve never had a problem with them. So I clicked the link, and saw the dwindling amount left to give away. I saw that I just needed to send 0.5 ETH to get the payment, which also sounded ok, because several different e-coin apps (like the Brave browser) sometimes need you to put some money in to get started. 0.5 ETH didn’t sound like much at all.

Screen Shot 2018-05-03 at 12.24.08 PM
The giveaway site

I was ready to convert $$ to ETH, but then I saw how much money that’d actually be: $400. I was ready to go, but I’ve never sent that much money online:

Screen Shot 2018-05-03 at 12.28.35 PM

And so I went back to the giveaway site to look closer. I saw some red flags: there isn’t actually the BasicAttentionToken logo or name anywhere on it. And the domain name is completely unrelated. I asked about it, but haven’t heard back from @AttentionToken, who is also cc’d:

Then I realized that this follows the standard scam strategy of getting the victim to pay a “small amount” to “win” a much larger amount. Just like lottery and Nigerian email scams.

Finally, I realized that there’s a series of fake BasicAttentionToken Twitter accounts. Notice the extra letter l at the end: @AttentionTokenl. Ouch. This is 100% scam.

I picked up on it probably because they asked for a lot of money. I was about to send real cash in, but stopped at the $400 amount. (And yeah, I thought it was just $200 at first.)

I’m embarrassed to say that I study these scams as a hobby, and still got taken in.

My Observations: Both Twitter and BasicAttentionToken need to take action

  • The mechanism for this scam exploits Twitter’s platform; the way it looks and acts for a user. It hacks the user’s trust and knowledge how Twitter works.
  • BasicAttentionToken’s official Twitter account doesn’t have the blue checkmark; that’d help people identify fake accounts, and might get faster response to Twitter for these problems.
  • The scammers use the official BAT logo and name; surely there’s an algorithmic way that Twitter could act earlier on these.
  • BasicAttentionToken needs to reply quickly and decisively to fraud reports; they need dedicated fraud staff if they don’t have it. And they need to reply quickly to build confidence in the financial system they want to create.

Update 1

I’ve traced the domain name and IP address to Namecheap DNS & web hosting. I’ve contacted them, and they’ve begun an investigation.

Update 2

Namecheap has suspended the account; great, quick work on their part.

Screen Shot 2018-05-03 at 6.15.02 PM