Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Serpent Profile picture
Serpent
@Serpent
Web3 Marketing & Security. I expose scams. Anyone claiming to be me is a scammer, verify by DMing me.

Apr 14, 2023, 9 tweets

🚨 TWITTER URL SPOOFING EXPLOIT 🚨

Scammers are exploiting a flaw with Twitter's website preview cards to show a legitimate website but have it redirect you to a phishing site.

Here's how it's currently being exploited to drain wallets 🧵👇

1/ There is an ongoing exploit that allows people to spoof what the Twitter website preview shows. It can be manipulated to show any website's preview, and take you somewhere completely different.

This is possible in both tweets & DMs.

2/ Recently, using a network of hacked accounts, attackers mass tweeted claiming that Uniswap was hacked, and they were able to get the hashtags #UniswapHack #UniswapExploit and "Revoke Cash" trending

3/ After clicking on any of the trending terms, you'll find that the top tweets are fake tweets by accounts impersonating known web3 security accounts.

They bot the engagement to get it to the top of the search.

4/ When you click the links, it will redirect you to replica phishing sites. After you connect your wallet, it will find your most valuable assets and prompt transactions that will drain your wallet.

5/ They're taking advantage of the recent SushiSwap exploit, hoping people will see #UniswapHack trending, see top security accounts posting about it with links that seem to be legit, and go on the websites to 'protect their assets', but it is all fabricated by scammers.

6/ There have also been other cases of this exploit, where scammers have spoofed website links in DMs during NFT trades, or announced fake airdrops/raffles with legitimate looking links.

7/ Does this link look legit to you? It shows OpenSea's website preview, but will it actually take you there? Test it out for yourself.

api.harrydenley.com/link_forwarder…

8/ Things to learn ✍️
- Don't trust what Twitter previews show.
- Always confirm authenticity. Double check usernames & URLs
- Understand what you're signing
- Hold your valuable assets on a hardware wallet

Stay safe & feel free to share this thread to educate others ❤️

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling