Paid access versus a "bot army": How cryptocurrency theft occurs on Twitter
Elon Musk has proposed the idea of introducing paid access for all Twitter users as a potential solution to combat the rampant problem of bots on the platform. However, it's important to understand that this move may not effectively curtail the activities of cryptocurrency-related bots.
Musk acknowledged the widespread issue of bots plaguing his social network, highlighting the significant threat these fraudulent bots pose to cryptocurrency enthusiasts. The question remains: Can a monthly subscription fee be the antidote to this problem?
During a meeting with Israeli Prime Minister Benjamin Netanyahu, Elon Musk, the billionaire and owner of X (formerly Twitter), floated the idea of charging all users a nominal monthly fee. He argued that this is "the only way I can think of to combat the huge armies of bots" that currently infest the platform.
According to Musk, the creation of bot networks is incredibly cost-effective for their operators. However, if they were required to pay even a small amount to use X, it would significantly dent their profitability. Musk also pointed out that, with the assistance of artificial intelligence, bots have become adept at surpassing humans in solving CAPTCHA challenges, the most common method for verifying users on the web.
While this notion was initially brought up in the context of political bots influencing public opinion on social media, it's evident that the problem extends into other domains as well. This includes anything from artificially inflating follower counts to more sophisticated schemes aimed at pilfering cryptocurrency funds from social media users.
Various Fraud Scenarios
The issue of spam bots on X has reached a critical point, according to Tatiana Maksimenko, co-founder of IdolMe Agency. These automated accounts are notorious for distributing spam, participating in fraudulent activities, and engaging in other malicious actions. They employ automated mechanisms to identify potential victims, monitoring keywords and phrases such as "FTX return money" and similar terms.
Spam bots are most frequently used for mass dissemination of spam, fake news, the spread of viruses, or links to malicious websites and phishing pages.
Maksimenko emphasizes the particular danger posed to cryptocurrency holders by phishing-related spam bots. For instance, a fraudulent account mimicking a legitimate crypto exchange might post a link to a fake website, where users are prompted to enter their exchange login credentials. This sensitive information is then exploited by scammers to siphon coins from the victim's actual account.
Another prevalent scam on X is the purported free distribution (airdrop) of cryptocurrency or other crypto assets, a scheme that often requires only a minimal investment from the fraudsters. In this scenario, a spam bot announces a cryptocurrency or NFT giveaway through various posts, replies to tweets, or private messages, providing a link to a website that typically imitates popular crypto project resources.
As airdrops are common in the crypto space, victims tend to trust the authenticity of such announcements. They follow the provided link and land on a third-party site requesting authorization via an Ethereum cryptocurrency wallet (e.g., MetaMask). Once the wallet is connected, a malicious smart contract, commonly known as a "drainer," is activated and empties the victim's wallet of all available assets. Technically, by approving the transfer (signing the transaction), the user voluntarily grants the fraudsters access to their assets.
Potential Remedies
Tatiana Maksimenko raises doubts about the efficacy of introducing paid access for all users as a solution to this issue. She believes that such a measure might not live up to expectations and may only marginally reduce the number of spam bots on X. If fraudsters are targeting significant gains and have confidence in their criminal campaign's success, they might be willing to invest in a network of paid spam bots.
In her view, the introduction of a monthly fee, as suggested by Musk, may decrease the number of bots but won't completely eradicate them from the platform. This approach addresses the symptoms rather than the root problem. Maksimenko proposes alternative strategies that social media platforms could implement:
- Mandatory two-factor authentication for all users.
- Compulsory CAPTCHA verification when sending tweets.
- Mandatory registration with account linking.
- Limits on the number of tweets sent within a specific timeframe for unverified accounts.
- Additional measures such as automatic verification of links leading to external sites and further scrutiny of publications containing keywords related to "free NFTs."
These proposed measures aim to enhance the overall security and integrity of the platform, potentially making it more challenging for bots to operate and deceive users.
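The rate limit, link verification and keyword scrutiny proposed above can be combined in a single screening step. The following Python is an added example, not code from X or from anyone quoted in the article; the domain allowlist, bait phrases, thresholds and function names are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from urllib.parse import urlsplit

# Constructed policy values (assumptions for this example only).
OFFICIAL_DOMAINS = {"exchange.example"}          # domains the brand really owns
BAIT_PHRASES = ("free nft", "airdrop", "giveaway")
MAX_POSTS, WINDOW_SECONDS = 3, 60                # limit for unverified accounts

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
_recent_posts = defaultdict(deque)               # account -> post timestamps


def link_verdict(url):
    """Classify a link as 'official', 'lookalike' or 'external'."""
    try:
        # .hostname ignores userinfo, so https://exchange.example@evil.test
        # resolves to evil.test rather than the brand it shows first.
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "external"
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    brands = {d.split(".")[0] for d in OFFICIAL_DOMAINS}
    return "lookalike" if any(b in host for b in brands) else "external"


def screen_post(account, verified, text, now):
    """Return reasons to hold a post for review; an empty list means allow."""
    reasons = []
    if not verified:
        window = _recent_posts[account]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()                     # drop posts outside the window
        if len(window) >= MAX_POSTS:
            reasons.append("rate_limit")
        window.append(now)
    verdicts = {link_verdict(u) for u in URL_RE.findall(text)}
    if "lookalike" in verdicts:
        reasons.append("lookalike_link")
    baited = any(p in text.lower() for p in BAIT_PHRASES)
    if baited and verdicts - {"official"}:
        reasons.append("bait_with_unverified_link")
    return reasons
```

A post that trips any rule is held for review rather than silently dropped, which keeps false positives on legitimate giveaways recoverable.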