Blue checks, ads, and crypto spam
Verified accounts on social media platform X are running paid ads for cryptocurrency/NFT projects of dubious legitimacy
If you’ve spent any time on X (the social media platform formerly known as Twitter) in recent months, you’ve probably noticed that cryptocurrency spam posts regularly appear as promoted ads. These ads are posted by verified accounts, and contain links to a variety of websites related to obscure cryptocurrency and NFT projects of no demonstrable legitimacy or financial value. Although X seems to catch many of these accounts sooner or later, new ones continually arise to take their place. Here’s a look at a set of 30 accounts that ran crypto spam ads in January 2024.
To gather the set of ads and accounts used in this analysis, I scrolled through the “Following” timeline on X’s “Home” tab multiple times over the course of two days (January 18th and 19th, 2024), and included each crypto spam ad in the dataset. Some of the crypto spam ads were served repeatedly, while others appeared only once. I wound up with 30 accounts, all of which had blue verification checkmarks at the time their ads were displayed. (I was also served various other types of ads during this period of time, and it is always possible that I missed some of the crypto spam ads that appeared.)
The accounts posting the ads are a mix of older accounts, some dating back to 2010, and accounts created in the latter half of 2023, mostly in December. Although some of the older accounts have been purged of old content, others still have older posts up, and unlike the English-language ads the accounts are presently running, these older posts are in Spanish and appear to be mostly personal in nature. The mix of complete purges of older content and abrupt changes in language suggests that these accounts are no longer under the control of their original owners, and may have been hijacked or sold. In contrast, the newer accounts generally post exclusively in English, and their feeds are a mix of cryptocurrency, AI, and feel-good posts, along with reposts of viral posts from large accounts.
The newer accounts have a particular penchant for posting photographs of cats. Unsurprisingly, these cat photos are all either stock photos or images plagiarized from random websites. These photos, along with the reposts of popular posts, are likely there to make the accounts look more human than they would have if they simply ran a bunch of spammy ads and posted no other material.
Most of the websites linked by these spam accounts follow a similar pattern, offering a chance to gain free cryptocurrency or early access to some upcoming crypto/NFT project to users who are willing to link their cryptocurrency wallets. Needless to say, financial offers of this sort from mysterious websites promoted by spammy social media accounts should be viewed with extreme skepticism (especially since several of them result in “dangerous site” warnings from major browsers). In several cases, the sites seem to hop from domain name to domain name, such as strklabsclaim.net, srtkclaimfund.net, and strkclaimfond.net, all which lead to versions of the same website with extremely minor differences.
Most of the accounts posting the cryptocurrency spam ads have thousands of followers, but it turns out that these audiences are not entirely authentic. The visible followers of many of the accounts are all extremely similar recently created accounts, likely from a fake follower network. Unfortunately, since X only displays a few dozen of each account’s followers and the X API has been made prohibitively expensive for researchers, mapping these fake follower networks in their entirety is likely unfeasible at the present time.