decrypt.co
In anticipation of Blast’s airdrop Wednesday, a minefield of malicious links cropped up on Twitter as scammers appeared to leverage tools meant for verified organizations.
One suspicious link eventually made its way into Blast's official Discord server too, before a potentially wallet-draining link was swatted down by a community moderator.
Users of the Ethereum layer-2 scaling network were collectively set to receive 17 billion BLAST tokens as part of the network’s initial airdrop. Created by makers of the incentivized NFT marketplace Blur, Blast’s distribution yielded an initial market cap of $392 million.
Myriad fraudulent posts, however, claimed that Blast’s airdrop had started much sooner than anticipated. Bearing the same profile picture and what appeared to be the same display name as Blast’s legitimate Twitter (aka X) account, several accounts beckoned users to visit fake websites hastily, while bearing “Gold checkmarks” that were introduced under the platform’s current owner, Elon Musk.
“THE MOMENT YOU ALL HAVE BEEN WAITING FOR,” a now-deleted account called studio_tribu wrote, which is unaffiliated. “The $BLAST Allocation Checker is now LIVE!”
Scammy links on Crypto Twitter are nothing new, but Wednesday's flood of fake posts underscores the platform’s ongoing challenges in thwarting bad actors. At least a dozen accounts emulated Blast while boasting a gold checkmark, given out to affiliates of verified organizations, all churning out fake posts.
For example, Twitter’s website states that each applicant looking to become a verified organization is reviewed. Yet an account called Blast_L2_now__ had attained verification, simply adding “_now__” onto Blast’s actual Twitter username in an attempt to get users to click a scam link and connect their wallets.
One victim lost $217,000 worth of crypto after visiting a phishing website that mimicked Blast, according to the cybersecurity firm Scam Sniffer. The user had unwittingly signed multiple phishing signatures at once, Scam Sniffer wrote.
🚨 Beware of fake Blast phishing websites!
🕵️♂️ 10 minutes ago, a victim lost $217,947 due to signing multiple phishing signatures. 💸🔗 pic.twitter.com/GSJfjLSNht— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) June 26, 2024
Within Blast’s official Discord community, a scam link was also shared, according to neried, one of the project’s pseudonymous core contributors. “Don’t click that,” the account warned another Discord member, who had remarked, “Saying invalid link.”
Verified organizations pay at least $200 a month for perks that include priority support and a distinguished look within Twitter. According to the platform’s website, that service also includes monitoring accounts for defense against impersonation. Verified organizations can offer affiliated badges and gold checkmarks to employees or advocates, but that also apparently opens the door to potential misuse.
Gawd damn the amount of scam links under the Blast airdrop post.
Anyone know how to get to the claim page from the official site?
— Travis💡 (@ProofOfTravis) June 26, 2024
Blast’s legitimate Twitter has employed a common defense against impersonation that many crypto projects use. When stringing posts together, it warns users that “this is the final tweet in this thread” at the end, while warning users to watch for impersonators.
Even so, the kind of FOMO that fuels many crypto industry traders still manages to lure some users to jump on illicit links without doing due diligence, often paying a hefty cost in the process.
Edited by Andrew Hayward