- The impersonation scam on X uses Peter Lauten’s old username to trick users into theft.
- Malware named Vortax was installed, leading to $245K crypto theft through fake app downloads.
- Post-scam, a16z corrected website links to prevent further misuse of outdated usernames.
In a recent incident, a scam involving an impersonated account on X (formerly Twitter) has resulted in a significant financial loss for a cryptocurrency enthusiast. ZachXBT, a well-known figure in the crypto community, recently shared the details of this elaborate scheme, which led to a user losing $245,000.
The scam began with an account falsely representing Peter Lauten from the venture capital firm a16z. The impersonator took advantage of a subtle yet crucial oversight; the real Peter Lauten had changed his X username from ‘peter_lauten’ to ‘lauten.’
Meanwhile, the scammer picked up his old username, which was no longer in use. Adding to the confusion, the official a16z website still directed to his old username, and several a16z posts continued to tag this outdated handle.
The victim, initially contacted under the guise of discussing a potential podcast partnership, did not realize the duplicity at play. Guided by the impostor, they were persuaded to install a software named ‘Vortax,’ supposedly needed for the upcoming meeting.
Unfortunately, this application was malware designed to infiltrate devices and access private data. Once the malware was installed, the situation worsened quickly.
The victim’s cryptocurrency assets were illicitly transferred from their wallets to the thief’s address, which was meticulously planned to reroute the funds through various intermediaries before depositing them into different exchanges. The theft was executed so seamlessly that the victim was left unaware until substantial damage had been done.
DMM Bitcoin Plans $321M Recovery After Major HackThe address associated with the theft, identified as 0x77aFC774c38D6A712e1A1F5Ea7c88Fe14BFA10F6, became a crucial piece of evidence in tracing the flow of stolen funds.
In the aftermath of the incident, the a16z team promptly rectified the website links, pointing them to the correct account. This scam is a stern reminder of the dangers lurking in the digital world.
The sleuth provided safety tips, including updating relevant parties after a username change, avoiding downloads from unknown sources, checking the mutual follower ratio for authenticity, and thoroughly searching for any app or service before installation.