The team from San Diego State University revealed that almost a million dollars were fraudulently obtained from individuals through the Lists feature on Twitter, now known as X. Researchers at the university, based in California, developed an artificial intelligence system to detect, monitor, and bring to light cryptocurrency giveaway scams on X (formerly Twitter).
Named GiveawayScamHunter, this automated system identified 95,111 scam lists between June 2022 and June 2023, originating from 87,617 accounts on the X platform.
Using the tool, the team autonomously extracted website and wallet addresses linked to these scams, leading to the discovery of 327 domains associated with scam giveaways and 121 new cryptocurrency wallet addresses linked to scams.
The initial approach to tackling the issue involved identifying a novel avenue exploited by cryptocurrency giveaway scams: Twitter Lists. Due to the unrestricted nature of the Lists feature, scammers found it an easy networking tool to manipulate.
To pinpoint the lists connected to giveaway scams, the researchers trained a natural language processing tool on data from previously known scam instances. Through this method, they identified nearly 100,000 instances of giveaway scam lists, which enabled them to amass data on previously unreported scam websites and wallets.
Leveraging this data, the researchers gained valuable insights into the mechanics of these scams, the methods scammers employed to target victims, and an estimate of the number of victims who fell victim to these scams during the year-long study.
According to the study’s report:
“By monitoring transactions involving the scam cryptocurrency addresses, this research uncovered that the scam targeted over 365 victims, resulting in an estimated financial loss of 872,000 USD.”
The scientists shared their findings, along with the related accounts, domains, and wallet addresses, with both X and the cryptocurrency/blockchain community. However, as of the paper’s publication on August 10, 43.9% of the associated accounts remained active. The researchers did acknowledge that most of these accounts were likely spam and not actively used.