
Cryptocurrency fraudsters have discovered a new way to exploit the X interface to spread scams, fake giveaways and fraudulent Telegram channels.
As BleepingComputer reports, scammers have begun to actively exploit what appears to be a user interface glitch, allowing them to create legitimate-looking URLs that contain malicious content.
The flaw, initially identified by X user @rcwht_, allows scammers to post tweets that mimic those of real accounts.
According to BleepingComputer, a scammer can put a legitimate account handle in the account_name part of the URL while pointing the status_id part at a different post. For example:
- The URL format is https://x.com/(account_name)/status/(status_id)
- A crafted link looks like this: https://x.com/itscrypto_news/status/1736650221243826564
In the example above, the link will appear as if it was published by crypto.news. However, when the user opens the link, they are redirected to Elon Musk’s post because the status ID pulls that post from the website database without checking if the post is associated with the account_name field.
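The mismatch described above can be checked mechanically: parse the handle and status ID out of the link as it was shared, then compare them with the URL the browser actually lands on after X's redirect. The following is an added example (not code from the article or from X); it takes the resolved URL as an argument rather than fetching it, and the handle of the post's real owner in the sample is a constructed value, since the article only says the post is Elon Musk's.

```python
from urllib.parse import urlparse

# Hostnames on which the /<account_name>/status/<status_id> path shape applies.
X_HOSTS = {"x.com", "www.x.com", "twitter.com", "www.twitter.com", "mobile.twitter.com"}


def parse_status_url(url: str):
    """Return (account_name, status_id) from an X status URL, or None if it is not one."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or parts.hostname not in X_HOSTS:
        return None
    segments = [s for s in parts.path.split("/") if s]
    # Expected path shape: <account_name> / status / <numeric status_id>
    if len(segments) < 3 or segments[1] != "status" or not segments[2].isdigit():
        return None
    return segments[0].lower(), segments[2]


def check_x_link(shared_url: str, resolved_url: str) -> dict:
    """Compare a shared X link with the URL reached after X's redirect.

    X locates the post from status_id alone, so an account_name in the shared
    link that differs from the one in the final URL means the link was spoofed
    to look like it came from another account.
    """
    shared = parse_status_url(shared_url)
    resolved = parse_status_url(resolved_url)
    if shared is None or resolved is None:
        return {"verdict": "not_a_status_url"}
    claimed, status_id = shared
    actual, resolved_status = resolved
    if status_id != resolved_status:
        return {"verdict": "status_changed", "shared": status_id, "resolved": resolved_status}
    if claimed != actual:
        return {"verdict": "spoofed_account", "claimed": claimed, "actual": actual,
                "status_id": status_id}
    return {"verdict": "consistent", "account": actual, "status_id": status_id}


# Sample input: the crafted link quoted in the article, and a constructed final URL
# (the real owner's handle "elonmusk" is assumed here, not taken from the article).
SHARED_LINK = "https://x.com/itscrypto_news/status/1736650221243826564"
RESOLVED_LINK = "https://x.com/elonmusk/status/1736650221243826564"

if __name__ == "__main__":
    print(check_x_link(SHARED_LINK, RESOLVED_LINK))
```

In practice the resolved URL comes from an HTTP client that follows redirects, or from the browser's address bar, which is exactly the manual check recommended below.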
This vulnerability appears to allow fraudsters to spoof account names, even those of high-profile accounts. As a result, fraudsters have been exploiting this flaw for weeks, targeting Binance, the Ethereum Foundation, and many other cryptocurrency-related accounts with fake airdrops, security researchers at MalwareHunterTeam told BleepingComputer.
This redirect is a standard X feature, so it is unlikely to be changed to improve security, the report notes. We therefore recommend that users closely examine the address bar when clicking on an X link to ensure they are visiting the intended tweet without a redirect.