> Sebastian double-checked the verification logo next to Elon Musk's name, and then tried to decide whether to send five or 10 Bitcoin.
This is a vulnerability in Twitter's verification policy that Twitter refuses to fix. Originally, verification was supposed to mean "this person is who they say they are". But once an account is verified, you can change the name/profile picture to someone else. So hackers get access to minor verified accounts, change the profile to match Elon, and then they have a "verified" Elon Musk account to scam with.
Twitter could fix this tomorrow by requiring that verification be tied to the name you got verified with, and if you do need to change your name you go through an (expedited) re-verification process. That doesn't seem like a lot to ask considering what "verification" is supposed to mean, and what (as evidenced by this article) users of the site take it to mean.
I agree with your policy recommendation, but I still think people who don't pay enough attention to the possibility "E l o n M u s k" a.k.a "JoshyMcB" might not be the real deal when it's their life savings rather than a retweet on the line have to take the lion's share of the blame.
And tbh people shouldn't be trusting even the verified real account on something like this, given it's been hacked to push this exact scam before, and even under the control of actual Elon it tweets about imaginary investors taking TSLA to $420 and other stuff he thinks is funny at the time.
I fully agree. To be sure, I don’t think Twitter deserves the blame here for some pretty weak due diligence on the part of someone transferring six figures. But I think it’s a good policy to begin with that may have prevented this particular instance.
I think the verification badge should do something else on top of just being shown. Some sort of a PKI trust system like with SSL certs that would point to a specific (possibly masked) email or web site that belongs to the person.
In other words I want to know if this is Bill Evans the pianist, not Bill Evans the saxophonist or any other Bill Evans who is not even a musician or someone pretending to be one of them. Can social networks solve this? (I know, Bill Evans the pianist died a long time ago. Big fan of him)
This won't solve it because a lot of scams rely on victim's greed,as was the case for the German in this story. This is no different from a scam I saw a few years ago,where some German tourist kept pouring money on a three cup game despite his wife's attempts to stop it. It took him less than 5 minutes to leave nearly €500. It's always the same: you think you are about to get something for nothing. I very much doubt there's a fix for it.
The article says that he checked for a check to verify that it was Elon running the account.
Sure, greed motivates people, but in this case greed would not have motivated him to continue if he saw that the account was not verified and not Elon’s. If anything the check provided him with the confidence to continue more than anything else.
I think boiling this down to greed is oversimplifying the situation and total ignores the effect that this obvious loophole within Twitter had in exacerbating the issue.
I understand he tried to verify it's really Elon, however it still falls under 'something for nothing' category,so it's just different shade of greed.In fact most scams can be put into only a handful categories,such as greed, wanting to help, seeking love,etc.
I agree it was a scam that plays on the emotions of others, but that doesn’t mean that this obvious loophole in twitters verification/name change system didn’t enable the scam as well.
This is a terrible scam, but I am astonished by the frivolity with which people would move life-changing amounts of money into something with absolutely no due diligence. When I took on a financial advisor I verified their identity with the govt regulator, verified their written bank details over the phone, and then verified those details with my bank before I even considered sending a single penny. Even then I sent a small test amount, and waited for a written receipt before sending anything more. To dump 500 grand into something you heard about 10 minutes ago on Twitter seems beyond ridiculous to me. This is an amazing example of the old adage “a fool and his money are easily parted”.
> This is a terrible scam, but I am astonished by the frivolity with which people would move life-changing amounts of money into something with absolutely no due diligence.
It's Bitcoin though. The volatility and returns in this bubble have been enormous, so its quite possible for "life-changing amounts of money" to not feel like that, because it was cheap and easy to get.
I can confirm this. I ran a miner early on in a completely unserious way, and only recently bothered to dig up the wallet from an old hard drive to sell it. Even though it was worth thousands of dollars, I felt about that Bitcoin like a feel about an old hard drive: not worthless, but not particularly valuable, either.
Also, the cryptolottery has handsomely rewarded many people for doing absolutely no due diligence. I mean, if you were someone who bought Bitcoin at the beginning, you probably did it on Mt. Gox, which looked like a garbage fire to anyone who did a little due diligence (and actually turned out to be one).
It's interesting to ponder 'why' an intelligent human being would do this.
- Him having made so much money on a highly speculative asset, at one point having decided to pour a significant amount of money into it in the first place and it paying off? Almost certainly.
- Musk's seemingly irrational nature, tendency to do crazy things, to the point of that a 'fan' of his would actually deem him capable of doing a bitcoin giveaway? Almost certainly. You most likely wouldn't even believe this, verified or not, if it was a more 'reputable' CEO tweeting this.
- Current social media investing frenzy from stocks to altcoins to everything in between? The speed of social media, hype, buy and dump activism? People desperately trying to find their own 'opportunity' to strike gold? Imagine he wakes up the next morning, the giveaway was real, and what regrets would he have? Urgency forces stupid decisions.
I am not trying to attribute responsibility, but there are quite a few factors at play here, and they explain why he did what he did. Not trying to pass judgement on him, but at that very moment, he was a gambler, a speculator, not an investor or rational person. And then this happens. It happens to people in the financial industry all the time.
People simply don't know what due diligence is. If you don't know that financial advisors are supposed to be registered with government regulators, why would you go to verify them with that regulator?
If someone unfamiliar with the workings of the financial/legal system and the Internet goes to some website that looks trustworthy to them - looks like other websites they trust, has gushing testimonials, large numbers, and TrustSeal(R) graphics proclaiming that it's Guaranteed and Secured, and there are posts on Twitter and Facebook that say this site is trustworthy, and some blogger has also rated them highly... they may believe they've done their due diligence.
They're not a fool, they're simply uninformed, and they don't know they're uninformed, and they don't know they don't know they're uninformed. The information age is changing fast - it's pretty recent in human history that you have to distrust published writing as much as you do today - and some people are unable to keep up.
Some years ago there used to be this very popular scam in my country: you get a call from an alleged police officer,who explains that your daughter/son/cousin/whatever made a huge car accident and is about to go to jail unless it's 'resolved' with some money. So many people got swindled for absurd amounts of money. However one case stuck most in my memory: the police got called by a woman who was about to fall for such scam. Fast forward to the end and the journalist asks to tell what happened. So she gets a call from someone, saying her son is arrested for drink driving and causing an accident. He needs money for this to go away. The woman goes to the neighbor to borough the money and the neighbor seeing her in distress,asks for more details. Finally she tells the woman: you haven't got a son...
But due diligence was done here - the blue check mark was checked. The user checked other people were seeing success with this. The user probably double and triple checked the bitcoin address he was sending to. He probably looked for the padlock symbol on the site he was getting the details of the scam from. He might have checked his computer for viruses and been using a hardware wallet with a really long password.
All of those things are a good start but it is five hundred thousand dollars. It’s obviously a huge amount of money for someone like this. Why wouldn’t you check with your bank or a solicitor or the financial services regulator in your country before undertaking such a large transaction? The blue check mark just means they’re a celebrity, immediately dumping your life savings into something because the meme man told you to is a pretty foolish thing to do...
> The 42-year-old says he first invested $40,000 in Bitcoin in 2017, and quickly made his money back as the value of the coins rose on the open market. He cashed out and got his initial money back, but then watched excitedly over the years as the 10 coins grew to be worth nearly 500,000 euros.
Fortunately this sounds like he didn't lose anything, just never realised extra gains. I know it's slightly nitpicking, but losing your actual $500k and losing $500k unrealised gains from a gamble is a massive difference. Especially if you already withdrew the original investment.
No. This is a common way to think about it, but it's wrong imho. Because that money is real and it buys you real stuff. If you have that money one day and it is gone the next, you effectively lost that money. It doesn't matter where it came from.
Think about it: You inherit $500k. You lose it through a scam or a bet or gambling. Do you think it doesn't matter? I mean, you didn't earn that money yourself, right?
There are no paper losses and no "unrealized gains". It's your money and if it's gone, it's gone. Doesn't matter how you earned it.
For tax purposes, in the U.S., what he had at the time was an unrealized gain. So if he later went to convert that Bitcoin into U.S. dollars, he would have a taxable event (i.e., if he cashed out the whole thing, he would owe taxes on the difference between his basis and the value at the time).
Germany ditched the holding period a while back for stocks. You pay 25% plus a little bit (26.375% in reality) on every gain, no matter if you hold it for 10 years or for two seconds.
Bitcoin is tax-free after a holding period of 1 year afaik.
If you lose $500k, you don't owe taxes, congratulations. But you still lost money (even if you maybe only lost $300k, because the rest would've been taxes).
But it's not real money, it's an asset! I think you have a wrong understanding of what unrealized gains are. It's not about whether you earned it yourself - it's about whether it's liquid cash or just an asset. Only once you sell your asset do you realize your gains.
As I asked in the other part of this thread: Would you feel differently if he sold the bitcoins and then immediately bought them again before participating in the scam? Of course not. Even though that would make them "realized", that has no impact on the situation
I agree with you, he lost real money. But I also agree with the other poster: it's hard to feel bad for him gambling away money that he got by gambling to begin with.
Right. This guy was happy when the unregulated Wild West made him a fortune for doing no work, but started crying for regulation when he was on the bad side of a trade.
I think this is a bad comparison. His situation would be closer to buying a house for $40k, making $40k renting it out. Then someone tells you you could probably sell the house now for $500k, but you don't and instead you gamble it away. You never had the $500k to begin with. You had a house people say could be possibly worth that much.
There is no question he really could have exchanged the coins for $500k of value though.
If he had sold the bitcoins for cash and then used the cash to buy bitcoins again immediately after so that he could send them to the scammer, then would they be "realized" as opposed to "unrealized", even though there's no practical difference between the two situations?
It's the same situation. You don't have $500k - you have an opportunity to get $500k if you do things right. If it's kept as BTC, there's a number of things that could bring the value to $0 without the scam.
I think this is a pointless distinction. A 500k bank balance is just an "opportunity" to withdraw 500k of cash. There are a number of things that could bring your bank balance to $0 without the scam. 500k of cash is just an "opportunity" to extract 500k of value. etc.
A bank balance is different. The value of $500k in $ doesn't change. There's regulation which dictates what banks can do with that money. There's industry enforced insurance which means even if the bank goes under, you can still recover a decent chunk of that money. Putting money into a basic bank account is by law not gambling, speculation, or investment.
You don't have opportunity to withdraw it - you've got the right to do it.
OK, sure. Those things are all true, but it doesn't change my point: He could have "realized" the gains any time he wanted and it wouldn't have affected the outcome of this scam. For all we know he actually did "realize" them at some point and just bought the coins again to send them to the scammer. It makes no difference in this situation.
> For all we know he actually did "realize" them at some point and just bought the coins again to send them to the scammer. It makes no difference in this situation.
I think it makes a big difference. "I'll gamble my 10 BTC" and "I'll exchange my actual $500k to gamble as BTC" would have a very different threshold for action. I suspect he wouldn't do that with real money.
Same reason F2P games get you to exchange money into tokens (some even twice) to make you lose connection to the real value.
But he didn't lose anything but opportunity costs and because he cashed out his initial gambling money, he is not worse off than if he didn't gamble with Bitcoin to begin with.
Coming out of the crypto game with a big fat zero is better than many others who tried it.
I don’t understand how you can be tech savvy enough to send and (not?) receive Bitcoin but stupid enough to fall for this...
EDIT: Thinking about it, it's technically difficult see the difference between Bitcoin (which will continue to be worth more) and other get rich quick schemes that may not have the same chance of success and directly being conned for money by people.
I wonder if the meteoric rise if Bitcoin, and similar recent things like what's going on with /r/wallstreetbets, is causing people's defences to lower with regards to what it a realistic return on investment, so these kind of things don't trigger the alarm bells so much.
Elon is the perfect person to hack, he's always doing bizarre stuff, so if I'd fall for anyone, it would be for this one.
And the type that got rich off BitCoin are way bigger risk-takers than average - I was offered to "get in" on BitCoin at 1000 dollars and I thought it too risky, my former coworker who did and got rich is very much an adrenaline junkie (but didn't fall for this scam fortunately).
Sounds like he already had 10 BTC, he probably got sold on "investing in BTC", price jumped since he got in so when you're riding high on easy wins why wouldn't another one come just as easily - sounds like easy come easy go to me.
I'm ambivalent about the tech, economics, environmental impact, but what ticks me off about BTC and crypto is the proselytizing idiots that it attracts - it's the modern day Jehovah's Witnesses. I rented an office recently and there was a bunch of "bitcoin investment strategists" in the space next to me, and this one guy in particular trying to sell me on the idea that we should get into blockchain development because that's going to be the future of everything ... You could sum the guy up as mouth breeding idiot on first impression and that didn't change as he kept talking. Really typical for the crowd IMO.
Assuming you have a defective moral compass, is there any reason to not run this scam. Easiest $ ever. Twitter nor law enforcement can do anything. The same guys doing it over and over. You can run this scam and make an easy $50-200k with some twitter posts and then use the $ to pay off the mortgage or student loans, or take a cruise, buy a luxury car or whatever. no one would know if you mix the coins before cashing them out, not that law enforcement actually cares.
> no one would know if you mix the coins before cashing them out
There's lots of other ways you can fail. First how you obtain the large enough account to announce the scam. Then how you move the money to mixers. Then how you withdraw it. And likely a few steps in between. Also you can fail by telling someone about your scam - this happens a lot - many court cases have fun conversation records where the accused bragged to undercover police officers.
I think to do it effectively you probably need to break a few laws, like using a stolen account of and kind to reach a large enough audience that will trust you.
So that's a reason not to, unless you're already in deep.
Well, the people in the article (Whale Alert, the ones that gave BBC the article) absolutely traced the bitcoins that were cashed out, but as you mentioned, law enforcement did nothing.
Wow, It's sure is a nice feature that Bitcoin doesn't have any way to dispute charges and that it's mostly anonymous.
This article is yet another amazing illustration of why that's definitely two features you want from something that's intended to be used as a currency.
You obviously don't want that in every situation, only some situations.
Would you make an argument like "Wow, it's sure a nice feature that [full disk encryption software] doesn't have any way to reset lost passwords" on an article about someone losing their life's work due to misunderstanding the consequences of full disk encryption?
> 10 Bitcoin were transferred and then cashed out anonymously a few days later.
Genuinely interested how the coins were cashed out anonymously. Pretty much all exchanges require KYC these days, and Bitcoin addresses can be tracked and blacklisted if the right processes are put in place, in theory at least.
It could have taken time for the BTC from his wallet to be marked as tainted. Once that happens, the person who buys the 10BTC is bag holding. I wonder what happens if it's an exchange holding tainted BTC, though. Will it be excluded from the supply indefinitely?
Sure, some scames are complicated - credit swaps, sub prime mortagges, etc, I can see why people fall for that. Sometimes you're relying n a greater fool, sometimes you're relying on unlikely events (horse winning etc), because you value the potential reward more than the risk. All of that's rational - hell even buying a lottery ticket is rational for many people.
But in all those areas I can see why the other person is involved and what they're getting. My risk/reward ratio is different to theirs.
I go into a greater-fool situation and yes, I expect that I'll find a greater fool, the person selling me the $whatever doesn't.
I could buy a Tesla and think that they will take over the entire planet's energy grid. I can see why someone is selling me a TSLA share at $800 (they don't think tesla is worth that much), that's reasonable.
I could even see a transaction where I give my email address to "Elon" and he sends me money, because he's a gajillionaire and doesn't value it, but does value email addresses, or maybe a transaction where I make or share a DOGE meme and he likes it, so gives me money instead of a "like".
But what possible reason would there be for me to send Elon Musk money and him to send it back? Why would he do this? Why not just send me the money for sharing a DOGE meme or something? Or just send it for being the first person to click his link?
I believe that he's "normally not the biggest idiot in the whole world," but that's a belief I'm holding despite the available evidence.
1. Why would anyone give away free bitcoin in large amounts? Seriously, why? That should already have been an end to this.
2. If the screenshot is representative, it is clearly "@JoshyMcB" tweeting, not @elonmusk. It should take much more than an icon and a not-quite-matching display name to suggest it's the same person, and a tweet from @JoshyMcB[0] later the same day makes it clear he was hacked. There are more differences than similarities in that screenshot.
3. He got this part right: "I was greedy that night and it made me blind."
I'm not on Twitter much but I've seen plenty of livestreams coming up in my YouTube feed. What I find striking about some of them is just how creative the scammers have gotten and the production values involved. During the last Starship launch there were several fake livestreams purporting to be from SpaceX. They had custom graphics and gauges and were all soliciting Bitcoin in order to "fill the tank" ahead of launch. There were literally hundreds of people on some of them and it's unlikely they were all bots. What's particularly brazen about these schemes is that the normal reporting mechanisms don't work. When YouTube looks into it hours later the damage has already been done.
Everyone does stupid things sometimes. Maybe from tiredness, inattentiveness, excessive emotional influence, drugs, whatever. Maybe there's just a small chance at any point in time that a brain will malfunction slightly and direct a stupid action. Even intelligent people, who know intellectually that things that sound too god to be true usually aren't, and that greed can make you do dumb things, are not exempt from this.
By presenting themselves to zillions of people, these scammers ensure that they will catch at least some people who happen to not be thinking correctly at the moment. People who will fall for the scam, and then slap their foreheads 15 minutes later wondering what the hell they were thinking.
I never understand, why people who already have money, want to have more. Personally, I keep my money at the bank, for days when I will have to spend it (Buying things, going on holidays, etc)
The bank is FDIC insured. If the bank loses your money and FDIC cannot make you whole, you would be in a serious problem even if you had a pile of cash, as that is basically a 'the entire USD economic system has collapsed' scenario.
Well yes, but if you invest your own money without going through banks at least you have some choice in where it goes (oil companies, weapon companies, sustainable funds, &c.) and you get to cash out all the benefits (or loss)
I'll take my 7%+ average over the last 100 years vs the "insured" 0.5% my bank proposes me (which doesn't even pay for what my bank charges me monthly)
In other words, you are exposed to approximately 0 downside risk and 0 upside risk when you give your money to a bank. That is practically the opposite of them gambling for you.
It is a fine critism to say that the bank uses your money to invest for itself, and you would rather use your money to invest for yourself; or that you would rather have input in what your money gets invested in for reasons other than financial return.
I'm not sure why you put "insured" in quotes. Do you have doubts about the FDIC?
It’s not super obvious to me. If I bought some shares in some company and they went up 10x, I don’t think I could get out of the tax by gifting them to someone else (though maybe I could get out of it if I gifted them to a charity).
Taxes can be a bit weird with investments in general. eg if you invest in a mutual fund that reinvests dividends, you only pay tax when you realise gains, whereas if you invested in an equivalent mutual fund that didn’t reinvest dividends but reinvested them yourself, you would be liable for tax on the dividends before reinvesting them which means less compounding. Obviously this all massively depends on local laws and weird specifics.
It's awful that this guy was scammed, but I am really having difficulty wrapping my head around it. Presumably he follows Elon on Twitter, and would see these scam fake Elon replies/accounts have been trolling his Twitter feed for years. I guess seeing the blue verify check and FOMO at doubling his holdings made him throw caution to the wind.
> It also does sound quite plausible that someone like Elon Musk, a big supporter of cryptocurrency, would give away Bitcoin.
Really? Most m(b)illionaires, however eccentric, typically don't go around doing the equivalent of throwing money from rooftops, especially not by means of blurry Times New Roman text on a GIF directing you to some .info website.
That is all I could think when reading the article yesterday.
I can understand some people such as older and less tech savvy people getting caught up in scams but an otherwise intelligent early 40s person working in the IT industry?! I just don't understand how he fell for it. I guess the only answer is greed overrode his better judgement.
Admittedly still a chunk of change to have invested in a risky asset like bitcoin but it's not like he earned 400k by being "smart enough" and then emptied it into bitcoin.
OK sure, but one would think that anyone smart enough to even figure out how to buy bitcoin, let alone interested enough to spend that much, would not be a complete internet fool.
There is also an assumption that if you are "intelligent" then you are intelligent at everything - this has not being my experience of knowing some really smart people. In fact, I actually that to do something really stupid requires a high degree of intelligence - largely down to sheer hubris.
Yeah, it is super clever to inherit money, or be born in the right place at the right time, or not being abused by alcoholic parents turning you chronically depressed, etc, etc. Please..
This is a problem across all social media. The number of Instagram/Twitter scams you come across every day is astounding. The only explanation that makes any sense is that the social media companies want the increased user engagement metrics from the bots.
This is a vulnerability in Twitter's verification policy that Twitter refuses to fix. Originally, verification was supposed to mean "this person is who they say they are". But once an account is verified, you can change the name/profile picture to someone else. So hackers get access to minor verified accounts, change the profile to match Elon, and then they have a "verified" Elon Musk account to scam with.
Twitter could fix this tomorrow by requiring that verification be tied to the name you got verified with, and if you do need to change your name you go through an (expedited) re-verification process. That doesn't seem like a lot to ask considering what "verification" is supposed to mean, and what (as evidenced by this article) users of the site take it to mean.