If you went anywhere near Twitter last night, chances are you saw the chaotic aftermath of a massive security breach in which several celebrity accounts and cryptocurrency companies were hacked to tweet a bitcoin scam. Elon Musk, Barack Obama, Bill Gates and Kanye West were among the compromised accounts, all of them tweeting a very similar message. "I'm feeling generous because of Covid-19," the compromised Elon Musk account tweeted. "I'll double any BTC payment sent to my BTC address for the next hour."
Shockingly, it seems at least a few people fell for the scam - and according to public blockchain records, the link received contributions totalling over $100k (£80k) within hours of it being posted online (via BBC). And while it should be obvious that sending cryptocurrency to an unknown wallet is a bad idea, for many RuneScape players, they knew from personal experience. So many people noticed the similarities to an old RuneScape coin scam, in fact, that RuneScape started trending.
ah yes the classic "i'll double your money bro" scam. i learned not to fall for this one when I was 7 on runescape https://t.co/wqzRetM0LW— Smugumin?? (@snugunim) July 15, 2020
the fact that somebody pulled the classic runescape "doubling money" scam and got away with it to this fucking degree is truly one of the peaks of 2020— mira (@mirakurutaimu) July 15, 2020
I can?t believe a hacker got access to every blue check account on all of Twitter and instead of derailing the global economy or sparking geopolitical conflict or some other wild apocalypse shit they just did a fucking runescape doubling money scam— Eryk (@Ambisinister_) July 16, 2020
In RuneScape, this particular money doubling scam falls under the umbrella of "trust scams", which mainly take place on trade associated worlds and the Grand Exchange (the main trade hub for each world). As with the bitcoin scam, the scammer offers to double the victim's money... but only if the victim sends some over first. The doubling is supposed to then occur in a separate trade (making it a trust trade), but at this point the scammer can simply take the money and run, world hopping and blocking the victim in order to escape.
According to RuneScape veteran and Eurogamer guides writer Lottie Lynn, some scammers first start by actually doubling small amounts, such as 10k or 20k coins, before earning the player's trust and making off with 100k. "The scammer might also try to trick the other player into simply dropping the money, wait for one minute until it appears to the whole world, and then do a runner," she added.
More elaborate methods include setting up a deal for millions, then backing out with the promise of adding items, then restarting the deal - and changing the millions of gold to thousands, hopefully without the other player noticing (such as swapping 10m with 10k).
Jagex attempted to stop this practice (and real-money trading) with the introduction of trade limits in 2007, which would block anything deemed an "unbalanced trade", but following community protests and polls, this was reversed and free trade returned to the game in 2011. Given scams of this nature became a problem over 10 years ago, naturally, many RuneScape players found it amusing that the same method is now being used to rob Twitter users of their bitcoin.
genuinely in awe of the fact that a "Doubling Runescape Money" tier scam has worked, to this degree. if this happened in a cheesy heist movie i'd love it but i'd be chiding it for being too unrealistic. https://t.co/6FTiy6Z5Si— Holly (@hp_hollowtones) July 15, 2020
These tweets are giving me Runescape flashbacks, same tactic. pic.twitter.com/bcRvurUXLD— Heaven (@heavvvin) July 15, 2020
Imagine not getting scammed as a kid playing runescape at the varrock west bank so you know not to fall for this obvious ruse— Matthew DeLisi (@super_OW) July 15, 2020
As for the Twitter hack, in the immediate aftermath of the breach verified users temporarily lost the ability to tweet: but it seems this function has returned, and we now have some idea of what happened. Twitter Support confirmed a "coordinated social engineering attack" took place which targeted Twitter employees with access to "internal systems and tools," which the hackers then used to take control of high-profile accounts and tweet on their behalf. Leaked screenshots of an internal Twitter administration tool were apparently circulating on the hacking underground, and were seen by Motherboard.
"Tough day for us at Twitter... we all feel terrible this has happened," said CEO Jack Dorsey. If only more people had played RuneScape.