Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Twitter Bots Pose as Support Staff to Steal your Cryptocurrency

Twitter Bots Pose as Support Staff to Steal your Cryptocurrency

Scammers monitor every tweet containing requests for support on MetaMask, TrustWallet, and other popular crypto wallets, and respond to them with scam links in just seconds.

To conduct these targeted phishing attacks, scammers abuse Twitter APIs that allow them to monitor all public tweets for specific keywords or phrases.

If those phrases are present, these same programs will direct Twitter bots under the scammer’s control to automatically reply to the tweets as fake support agents with links to scams that steal cryptocurrency wallets.

These attacks are nothing new, and we reported on them in May. However, these attacks have expanded to other cryptocurrencies, and the scams continue to run rampant.

Therefore, we felt it was vital for our readers to revisit this attack and illustrate how it works, so you do not accidentally become a victim.

Also Read: Data Protection Trustmark Certification: Business Advantage

The anatomy of the Twitter crypto scam

In tests conducted by BleepingComputer, tweets containing the words ‘support,’ ‘help,’ or ‘assistance’ along with the keywords like ‘MetaMask,’ ‘Phantom,’ ‘Yoroi,’ and ‘Trust Wallet’ will result in almost instantaneous replies from Twitter bots with fake support forms or accounts.

Other keywords have mixed results, such as wallets’ names and the word ‘stolen.’

Our first test of these cryptocurrency scam bots was to pack a tweet with numerous keywords and see what would happen.

I need trust wallet metamask phantom yoroi support! I lost all my crypto and password recovery phrase.

Come on all you bots!— Lawrence Abrams (@LawrenceAbrams) December 6, 2021

We then conducted further tests to try and narrow down what keywords would trigger the bot’s replies.

Within seconds of posting our tests, we received replies from numerous scam accounts pretending to be MetaMask and TrustWallet support accounts, “previous victims,” or helpful users.

Fake MetaMask support accountFake Phantom support account
Trustwallet scammerYoroi scammer

All of the scammer’s replies share a common purpose – to steal the recovery phrases for a victim’s wallet, which the attackers can then use to import the wallet onto their own devices.

To steal the recovery phrases (aka seed phrases), the threat actors set up support forms on Google Docs and other cloud platforms.

These forms impersonate a basic support form, asking the user for their email address, the problem they are having, and their wallet’s recovery phrase, as shown by the fake MetaMask support form below.

Also Read: Data Anonymisation: Managing Personal Data Protection Risk

Fake MetaMask support form
Source: BleepingComputer

When prompting for the recovery phrase, they include silly language about it being processed by their “encrypted cloud bot,” likely to try and convince the user to post the sensitive information.

Prompting the victim to enter their recovery phrase
Prompting the victim to enter their recovery phrase

Once the recovery phrase is sent to the attackers, it’s game over and they now have full access to the cryptocurrency within your wallet and can transfer it to other wallets under their control.

Before you say that no one falls for these scams, sadly, that is untrue, and Twitter users have had their wallets, cryptocurrency, and NFTs, stolen.

@merchant_token I wasn’t able to change my withdrawal address from Binance to metamask, so I contacted and have been fooled by a fake metamask support @MetaMasko who stole my tokens from my Metamask Wallet.— Sébastien FC (@fc_sebastien) July 9, 2021

Thank you Kenzie. I was getting what I thought was customer support for funds that were missing since last week. The fake customer support shared a link , and through that they extracted my Metamask. I’ve been all day trying to at least recover art that wasn’t sold.— Nightversion (@NightversionHQ) November 24, 2021

Twitter told BleepingComputer that using Twitter APIs to spam is against the rules and that they are actively working on new methods to prevent these attacks.

“It’s against our rules to use scam tactics on Twitter to obtain money or private financial information, including through automated activity. Our Developer Policy also strictly prohibits the use of the Twitter API and developer products to spam people,” explained a Twitter spokesperson.

“When we identify apps or accounts that violate these policies, we take appropriate enforcement action. We’re constantly adapting to bad actors’ evolving methods and we’ll continue to move quickly to address cryptocurrency scams on the platform as they evolve. “

Never share recovery phrases!

As a general rule, you should never share your wallet’s recovery phrase with anyone. The recovery phrase is only for you, and no legitimate support person from MetaMask, TrustWallet, or elsewhere will ever ask for it.

It is also important to remember not to share your screen with an untrusted user who then requests that you display your recovery phrase. At that point, they can simply take a screenshot and write it down manually.

Ultimately, these attacks will continue unless Twitter figures out a way to prevent these bots from running rampant, restrict the use of specific keywords, or put more stringent controls on who can join their developer platform.

Update 12/7/21: Added statement from Twitter.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us