RuneScape players say Twitter’s bitcoin scam looks familiar

Technology

If you went anywhere near Twitter last night, chances are you saw the chaotic aftermath of a massive security breach in which several celebrity accounts and cryptocurrency companies were hacked to tweet a bitcoin scam. Elon Musk, Barack Obama, Bill Gates and Kanye West were among the compromised accounts, all of them tweeting a very similar message. “I’m feeling generous because of Covid-19,” the compromised Elon Musk account tweeted. “I’ll double any BTC payment sent to my BTC address for the next hour.”

Shockingly, it seems at least a few people fell for the scam – and according to public blockchain records, the link received contributions totalling over $100k (£80k) within hours of it being posted online (via BBC). And while it should be obvious that sending cryptocurrency to an unknown wallet is a bad idea, for many RuneScape players, they knew from personal experience. So many people noticed the similarities to an old RuneScape coin scam, in fact, that RuneScape started trending.

In RuneScape, this particular money doubling scam falls under the umbrella of “trust scams”, which mainly take place on trade associated worlds and the Grand Exchange (the main trade hub for each world). As with the bitcoin scam, the scammer offers to double the victim’s money… but only if the victim sends some over first. The doubling is supposed to then occur in a separate trade (making it a trust trade), but at this point the scammer can simply take the money and run, world hopping and blocking the victim in order to escape.

According to RuneScape veteran and Eurogamer guides writer Lottie Lynn, some scammers first start by actually doubling small amounts, such as 10k or 20k coins, before earning the player’s trust and making off with 100k. “The scammer might also try to trick the other player into simply dropping the money, wait for one minute until it appears to the whole world, and then do a runner,” she added.

More elaborate methods include setting up a deal for millions, then backing out with the promise of adding items, then restarting the deal – and changing the millions of gold to thousands, hopefully without the other player noticing (such as swapping 10m with 10k).

Jagex attempted to stop this practice (and real-money trading) with the introduction of trade limits in 2007, which would block anything deemed an “unbalanced trade”, but following community protests and polls, this was reversed and free trade returned to the game in 2011. Given scams of this nature became a problem over 10 years ago, naturally, many RuneScape players found it amusing that the same method is now being used to rob Twitter users of their bitcoin.

As for the Twitter hack, in the immediate aftermath of the breach verified users temporarily lost the ability to tweet: but it seems this function has returned, and we now have some idea of what happened. Twitter Support confirmed a “coordinated social engineering attack” took place which targeted Twitter employees with access to “internal systems and tools,” which the hackers then used to take control of high-profile accounts and tweet on their behalf. Leaked screenshots of an internal Twitter administration tool were apparently circulating on the hacking underground, and were seen by Motherboard.

“Tough day for us at Twitter… we all feel terrible this has happened,” said CEO Jack Dorsey. If only more people had played RuneScape.