A number of verified Twitter accounts were compromised Monday – including those owned by a U.S. lawmaker, a film company, and a book publisher – all to impersonate SpaceX and Tesla founder Elon Musk.
Each of the compromised accounts engaged in a well-known crypto giveaway scam by promising to send large amounts of bitcoin to any users who sent them small amounts first.
To further reinforce the impression that the compromised accounts were genuinely owned by Musk, the hackers copied over the Tesla founder’s profile picture and retweeted some of his tweets. Some accounts also pinned the bitcoin giveaway tweet.
The tweets stated that participants should verify themselves by sending 0.1 – 3 BTC to a particular wallet address and on receipt, they would get anywhere between 1 and 20 BTC.
Several users familiar with the scam attempted to alert the community about these fakes.
At first glance the Elon Musk account is convincing because it has the 'verified' blue tick. But look closely and you'll see the Twitter handle is @pantheonbooks. pic.twitter.com/eke7E25LzC
— Arieh Kovler (@ariehkovler) November 5, 2018
One of the most prominent victims was perhaps the Democratic state representative for New Jersey’s sixth district, Frank Pallone Jr.
Around mid-day, Pallone’s campaign handle, “@pallonefornj,” was taken over. Notably, his account comes with an election label specifying that he is a U.S. House candidate for New Jersey, though his other verified handle, “@FrankPallone,” remained untouched.
Daily Beast reporter Lachlan Markay reported that sources familiar with the campaign had confirmed the account was compromised and Twitter was investigating.
The tweet about the bitcoin giveaway was identical to the one posted on the Pathe Film account, once again promising 1-20 BTC in exchange for the small verification fee of 0.1-3 BTC. This was once again caught by people in crypto-industry.
Wow. Verified, Promoted, Congressional Candidate: Elon Musk?
Try harder, @Twitter pic.twitter.com/GeIFFEiSTW— Jonathan Vaage [Trial by Combat] (@JonathanVaage) November 5, 2018
By press time, the promotional tweet (which are paid for in an effort to reach a wider audience) had been removed, along with the profile image and name on the @pallonefornj account. Some retweets from the real Elon Musk account were still on the page.
Similarly, the official account of English discount clothing and homeware chain Matalan was hacked to display the same fraudulent message, attracting over 700 retweets and over 3,000 likes.
Hackers also took over film production company Pathé Film’s Twitter account “@patheuk”, in order to mimic the account of the Tesla CEO and tweet out spurious bitcoin giveaway links. However, the company later announced that it had regained control of its account.
As reported earlier this month, this not the first case of multiple “Musks” promoting crypto giveaway scams. The issue has become serious enough to prompt the social networking company to take action, and freeze any account that changes its display name to “Elon Musk.”
The Pallone and Matalan accounts directed users to send some portion of bitcoin to the same address, which has received 326 transactions worth a total of more than 25 bitcoin ($161,380) as of press time, according to data from Blockchain.com.
The Pantheon account directed users to a different address, which saw a further $12,000 in bitcoin over a two-and-a-half-hour period, while the Patheon UK account only received around $2,500.
Both addresses continued to receive bitcoin transactions as of press time, though it’s unclear at this time how many transactions are legitimate and which ones are intended to boost the address figures.
Requests for comment to Pallone’s campaign team, Matalan, Pantheon, Musk’s office and Twitter were not immediately returned.
Elon Musk image via Heisenberg Media / Wikimedia Commons
Editor’s Note: The headline of this report has been amended for clarity and to reflect that some of the funds sent to the reported addresses may have been sourced from the scammers of themselves. (H/t Udi Wertheimer)