Understanding the Cryptocurrency Free Giveaway Scam Disseminated on Twitter Lists

This paper presents a comprehensive analysis of the cryptocurrency free giveaway scam disseminated in a new distribution channel, Twitter lists. To collect and detect the scam in this channel, unlike existing scam detection systems that rely on manual effort, this paper develops a fully automated scam detection system, \textit{GiveawayScamHunter}, to continuously collect lists from Twitter and utilize a Nature-Language-Processing (NLP) model to automatically detect the free giveaway scam and extract the scam cryptocurrency address. By running \textit{GiveawayScamHunter} from June 2022 to June 2023, we detected 95,111 free giveaway scam lists on Twitter that were created by thousands of Twitter accounts. Through analyzing the list creator accounts, our work reveals that scammers have combined different strategies to spread the scam, including compromising popular accounts and creating spam accounts on Twitter. Our analysis result shows that 43.9\% of spam accounts still remain active as of this writing. Furthermore, we collected 327 free giveaway domains and 121 new scam cryptocurrency addresses. By tracking the transactions of the scam cryptocurrency addresses, this work uncovers that over 365 victims have been attacked by the scam, resulting in an estimated financial loss of 872K USD. Overall, this work sheds light on the tactics, scale, and impact of free giveaway scams disseminated on Twitter lists, emphasizing the urgent need for effective detection and prevention mechanisms to protect social media users from such fraudulent activity.