I noticed several videos posted to YouTube today attempting to direct users to crypto coin scam websites. The overall ruse is quite old: The scam promises that Elon Musk, or an organization associated with him, is giving away crypto coins. The catch: You first have to send crypto coins to the address to receive multiple of them back.
It all starts with a video promising a live stream of Elon Musk covering current developments around SpaceX.
The channel being used for these videos, SpaceXMission, has over 2 Million subscribers right now and around 430 Million views. Interestingly, this is not a new channel, but it started on August 25th, 2008. Currently, around 4 thousand users are watching the "live streams".
During the video, a QR code is displayed alongside an image that claims to show a tweet by Elon Musk promising crypto coins.
I blocked part of the QR code to prevent accidental scanning. It leads to https://muskwa[y.]com , The site offers wallet addresses for different cryptocurrencies, promising two times your "money back" if you send money to these addresses.
The Bitcoin address used by the scam, 1G4aPzodQtdkLhiERK7VWM6vXYfQeSsAaP, already received about 1.35 Bitcoin or $28,376.70 in 12 transactions. The muskway.com website also shows a "ledger" claiming to show actual incoming transactions and outbound payments. It isn't clear if the inbound payments to the Bitcoin address originate from victims or if they were placed as bait to make the wallet look more legit. But the payments shown on the fake ledger on muskway.com do not match the payments based on blockchain.info. I assume that the money being sent to the address originates from victims.
Needless to say: I am amazed that people still fall for these straightforward, well-known, and apparent scams. But crypto coin users may represent a self-selecting target group. YouTube appears to have already taken down some of the accounts associated with this scam, but there appear to be new videos and possibly accounts popping up. The actual "mystery" is the origin of the "SpaceXMission" account. I suspect that it may have been used in the past for other spam and scams. But it could be an abandoned account later stolen or taken over.
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.