Users of bitcoin wallet targeted with impostor Twitter account

By Michael Carney , written on March 19, 2014

From The News Desk

Bitcoin companies are battling daily to earn and retain trust. With a number of high-profile cases of fraud, theft, and technical incompetence destroying millions in value, it’s no wonder consumers and regulators alike are skeptical of even well-funded companies. So you can imagine the last thing any seemingly legitimate company needs is someone impersonating their brand and looking to scam unsuspecting customers.

Unfortunately for bitcoin wallet and block explorer startup, that’s exactly what happened. A Twitter account by the name of “biockchain,” using a capital “I” to spoof blockchain’s lowercase “L” has been impersonating the company and soliciting donations to build new exchange and wallet software for other alternative currencies (aka, altcoins). Unfortunately, in Twitter’s sans-serif default font the difference was practically imperceptible

The @biockchain account managed to attract more than 70,000 followers – although many may have been fake followers – while the real @blockchain account has just 26,000 followers, making the impostor appear, at least at first glance, to be more “legitimate.” The real @blockchain is currently unverified, but this seems like a good enough reason to go ahead and give the company a little blue checkmark.

The con was first reported by CSO Andreas Antonopoulos, both in a tweet and later on the the r/Bitcoin sub-Reddit. Antonopoulos replied to dozens of Twitter users unknowingly engaging with the impostor account and asked Reddit readers to block and report the “biockchain” account on twitter.

He joked on Reddit, “Meanwhile, a team of highly skilled ninjas is en-route to their secret hideout and will strike withing (sic) the next day.”

Apparently the ninjas at the Twitter Security Team found their mark, because the offending account has been shut down, as noted by Antonopoulos tweet about an hour ago. The account now shows just two followers, one of which is Antonopoulos, one tweet, and no avatar image. Why twitter didn’t simply ban the handle is unclear. It’s also unclear whether any funds were sent to the impostor account-holder and whether the identity of the parties involved are known to either or Twitter.

The takeaways from this incident are threefold. First and foremost, consumers interfacing with businesses online, be it through Twitter, another social platform, or a website need to be ever-vigilant to ensure that they’re dealing with the real thing. But there's only so much onus that can reasonably fall to consumers.

Second, and more critically, businesses, specifically those dealing with finance or commerce, need to think ahead about possible spoof accounts or domains, and register or monitor them in every way possible. Third, platforms like Twitter need to show a zero-tolerance policy toward fraud and impersonation, something that the company seems to have done effectively today.

Bitcoin is now a multi-billion dollar financial ecosystem and as such has a big target on its back. Today’s incident is just a single small example of the lengths that bad actors will go to enrich themselves at others’ expense. Sadly, we’ll surely see more of the same in the future.

PandoDaily reached out to Antonopoulos and to another via multiple channels representative (~60 minutes before publishing) but were unable to reach them prior to publishing. We will update this post as additional information becomes available.