The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: Cybercriminals scammed a record number of victims with cryptocurrency

with Aaron Schaffer

Scams luring people with fraudulent offers of cryptocurrency investments have skyrocketed, the Federal Trade Commission yesterday reported. Nearly 7,000 people reported losses of more than $80 million from October through March. That's a nearly 1,000 percent increase in financial losses compared to the same time period last year and 12 times as many victims.

More than half of those who reported cryptocurrency scams to the FTC indicated social media as the means through which cybercriminals made contact with them. 

The new findings underscore an ongoing struggle by social media platforms to keep cybercriminals from spreading the scams and hacking into verified accounts to do so, mainly on Twitter and YouTube.

The scams identified in the FTC report took two forms. In one method, scammers lured users to websites that allegedly offered chances to invest in cryptocurrency. In the second, scammers launched fake giveaways offering to multiply victims' cryptocurrency.

To gain user trust, scammers typically take over verified social media accounts and then change the accounts' names and pictures to match that of a high-profile celebrity. One popular target for impersonation is Tesla CEO Elon Musk, who frequently tweets about cryptocurrencies. Victims have reported sending more than $2 million in cryptocurrency to Musk impersonators over just the past six months, according to the FTC.

The FTC's data only goes through March, but cybercriminals haven't dialed back.

Ahead of Musk's appearance on Saturday Night Live earlier this month, hackers compromised a number of YouTube and Twitter accounts with millions of followers, turning them into fake accounts for the show and Musk.  Scammers used the accounts' seemingly trustworthy status to spread fake cryptocurrency giveaway sites. Satnam Narang, a researcher at cybersecurity firm Tenable, estimated scammers may have earned more than $10 million from the SNL-related campaigns.

Spikes in the scams have coincided with an increase in interest from amateur investors in the incredibly volatile cryptocurrency market. 

These types of scams persist through bear markets, but thrive in bull markets because of first time investors hoping not to miss the opportunity to make significant profits, Narang said in an email. Because cryptocurrency is not a traditional investment, the allure of giveaways, especially those with celebrity impersonations of figures like Elon Musk, are likely to be more successful.

The Securities and Exchange Commission has warned that a lack of digital currencies regulation has led to potential for hard for victims to recover losses from the scams.

These scams are hardly new.

Scammers have been using compromised social media accounts to spread cryptocurrency fraud for years. In 2019, scammers used inauthentic Facebook and Instagram accounts to direct users to fraudulent sales pages for Facebook's new cryptocurrency, which was not yet launched at the time.

Last summer, accounts belonging to Musk as well as then-Democratic presidential nominee Joe Biden, Microsoft co-founder Bill Gates and other high-profile Twitter users were targeted in a widespread hack in which scammers used the figures' verified accounts to spread bogus bitcoin deals. 

Musk-related scams became so ubiquitous that in 2018 Twitter started automatically locking unverified accounts that changed their display name to Elon Musk.

But Narang, who has been monitoring cryptocurrency scams since 2017,  says social media platforms need to do more. Safeguards could include flagging when active or dormant verified profiles change their name and picture. Companies should also enforce two-factor authentication, a more secure login procedure, he says.

Both YouTube and Twitter have policies prohibiting financial scams. Both companies declined to comment on the FTC report.

The keys

Top lawmakers blasted Colonial Pipeline for not telling them whether it paid a ransom to hackers.

Reps. Carolyn B. Maloney (D-N.Y.) and Bennie G. Thompson (D-Miss.), who lead the House Oversight and Reform Committee and the House Homeland Security Committee, said in a statement that Congress can’t legislate effectively on ransomware because Colonial “refused to share any specific information” at a staff briefing about whether it paid a ransom.

The lawmakers also criticized Colonial for not having effective cyber defenses, noting the hack of the company, which carries 45 percent of the fuel consumed on the East Coast, “not only highlights glaring vulnerabilities in our critical infrastructure, it also exposes a marketplace in which it may be easier for a company to pay off a criminal than put resources towards preventing and defending against attacks.”

Colonial will continue to cooperate with Congress as the investigation of the attack continues, Colonial spokesperson Kevin Feeney wrote in an email.

 “At this point, our focus remains on safely delivering refined products as quickly as possible to markets we serve,” he wrote.

Apple made concessions to the Chinese government by sharing user data and abandoning control over encryption.

The company has stored Chinese user data on servers managed by Chinese state employees and has stored the keys for accessing data in those same facilities, the New York Times’s Jack Nicas, Raymond Zhong and Daisuke Wakabayashi report. The report injects new scrutiny into Apple’s practices in China, where it has rapidly expanded and Apple CEO Tim Cook has met with the country’s top leaders.

Two Apple employees said China’s government has to approve Apple’s encryption technology in the country. In a statement, Apple said it followed Chinese laws and has “never compromised the security of our users or their data in China or anywhere we operate.” A spokesman also said the company controls the keys protecting Chinese user data, and it uses its most advanced encryption technology in the country.

A lawmaker said the cyber review boards in President Biden’s new executive order were “poorly suited to the task.” 

The boards, which are based on the National Transportation Safety Board and its investigations of transportation crashes, are ill suited to cybersecurity because of the scale of the breaches and the “pace of change in cyberspace,” Rep. Jim Langevin (D-R.I.) told FCW’s Justin Katz in an emailed statement. 

Langevin, the chairman of the House Armed Services Committee’s cyber committee and a member of the Cyberspace Solarium Commission, said a Bureau of Cyber Statistics would be better suited to examine data on cyber incidents “in aggregate and provide empirical backing for cyber risk management decisions.”

The board’s first review, per Biden’s executive order, will be the attack on SolarWinds and other software. The attack compromised nine federal agencies.

Huawei has signed an increasing number of deals with developing counties despite U.S. warnings.

The company has signed at least 70 deals in 41 countries since 2018, despite pressure from the Trump administration to eschew the company’s technology. Those “warnings about Huawei’s security risks do not appear to be persuading decision-makers in developing countries,” a report by the Center for Strategic and International Studies’ Jonathan E. Hillman and Maesea McCalpin says.

“We don’t want their equipment in the United States because they spy on us,” then-President Donald Trump told Fox News last year. “And any country that uses it, we’re not going to do anything in terms of sharing intelligence.” Commerce Secretary Gina Raimondo said last month that, although the Biden administration is reviewing the blacklisting of Huawei, she had “no reason to believe that they won’t” remain on the blacklist.

Securing the ballot

‘Our democracy is imperiled’: Maricopa County officials decry 2020 recount as a sham and call on Arizona Republicans to end the process (Rosalind S. Helderman)

Global cyberspace

EU extends sanctions against Chinese, Russian, and N. Korean hackers for another year (The Record)

Cyber insecurity

D.C. police identify man who allegedly reposted data stolen from police computers (Tom Jackman)

Market for software exploits is often focused on Microsoft flaws, years-old technology (CyberScoop)


  • President Biden plans to nominate Matt Olsen, the chief trust and security officer at Uber, to lead the Justice Department’s National Security Division, the Wall Street Journal’s Dylan Tokar reports


  • Former Texas congressman Will Hurd discusses the national security threats posed by artificial intelligence at a Washington Post Live event today at 10 a.m.
  • Col. Jeffrey A. Phillips, the commander of the U.S. Air Force’s 67th Cyberspace Wing, speaks at an event hosted by the Alamo Chapter of AFCEA today at 1 p.m. 
  • The Senate Intelligence Committee holds a nomination hearing for Christopher Fonzone, President Biden’s nominee to be the Office of the Director of National Intelligence’s general counsel, and Brett Holmgren, Biden’s pick to be Assistant Secretary of State for Intelligence and Research, today at 2:30 p.m.
  • Lieutenant General Stephen G. Fogarty, the commanding general of U.S. Army Cyber Command, speaks at a TechNet Augusta event today at 1:30 p.m. 
  • The Homeland Security and Governmental Affairs Committee holds a hearing on the Department of Homeland Security’s intelligence and analysis office today at 10 a.m.
  • Deputy national security adviser for cyber and emerging technologies Anne Neuberger speaks at the RSA Conference at 11:45 a.m. today. Deputy Assistant Attorney General Adam Hickey and FBI Deputy Assistant Director Tonya Ugoretz discuss data breach reporting legislation at the conference at 12:20 p.m.
  • The Senate Armed Services Committee’s cyber panel holds a hearing on the cybersecurity of the industrial base today at 2:30 p.m. 
  • SolarWinds president and CEO Sudhakar Ramakrishna speaks at the RSA Conference at 11:50 a.m. on Wednesday.
  • Major General Maria B. Barrett, the commanding general of NETCOM, speaks at a TechNet Augusta event on Wednesday at 2:15 p.m. 
  • The House Armed Services Committee’s cyber subcommittee holds a hearing on President Biden’s budget request for Defense Department technology programs on Thursday at 11 a.m.
  • The House Veterans’ Affairs Committee’s technology subcommittee holds a hearing on cybersecurity on Thursday at noon.
  • Senate Homeland Security and Governmental Affairs Committee chairman Gary Peters (D-Mich.) speaks at a workshop hosted by the USC Election Cybersecurity Initiative on Thursday at 1:30 p.m.
  • Col. Jeff Erickson, the director of the Army Cyber Institute, speaks at an event hosted by the Information Systems Security Association Northern Virginia Chapter on Thursday at 6 p.m.
  • Former Undersecretary of Defense for Policy Michèle Flournoy, the co-founder of WestExec Advisors, speaks at the Institute for Security and Technology’s Strat-Tech conference at 2:10 p.m. on May 25.  

Secure log off

He has a point.