Cash News
As many more users are flocking to BlueSky from social media platforms like X/Twitter, so are threat actors.
BleepingComputer has spotted cryptocurrency scams popping up on BlueSky just as the decentralized microblogging service surpassed 20 million users this week.
It didn’t take long
Over the past few years, X/Twitter has become the hotbed of scammers from those targeting banking customers to ones impersonating high-profile accounts to push posts promoting fake crypto giveaways, websites that utilize wallet drainers, and Discord channels promoting pump-and-dumps.
As BlueSky nears a 21 million strong userbase, BleepingComputer has observed threat actors are starting to get their foot in too, and push their agenda.
A BlueSky post from last week featured an AI-generated image of Mark Zuckerberg and promoted crypto assets like “MetaChain” and “MetaCoin.”
As evident from the messaging and graphics, the post misleads viewers into associating the advertised products with tech giant Meta and its concept “Metaverse”.
The MetaChain[.]cash website mentioned in the post also appears to carefully impersonate Meta branding, typeface, and messaging:
Another post titled “You’ve won FREE Satoshi Bitcoin of $900k” was seen leading users to a GitHub Pages website, cryptos-satoshi.github[.]io which is no longer accessible.
Reacting to the “block chain” scam, BlueSky user @krankenpflegel.de remarked “Oh no. Now here too.” meaning “Oh no. Now here too.”
BleepingComputer discovered similar crypto “airdrop” posts that drive traffic to a domain previously classified as “a fraudulent cryptocurrency trading platform being promoted through an elaborate scam on social media platforms.”
One such post is shown below. It reuses video snippets from hit TV shows like Last Week Tonight With John Oliver and abuses hashtags, #musk #tesla #blockchain to boost engagement.
We also stumbled upon fraudulent schemes claiming to hand members “over $68,659.80 In FREE Bitcoin & Ethereum” with zero trading requirements, “100% risk-free.”
BlueSky slammed with 3,000 reports an hour
BlueSky safety team confirmed that over the past week alone the platform had grown by more than three million people.
“In the past 24 hours, we have received more than 42,000 reports (an all-time high for one day). We’re receiving about 3,000 reports/hour. To put that into context, in all of 2023, we received 360k reports,” states the BlueSky safety team in the thread.
“We’re triaging this large queue so the most harmful content such as CSAM is removed quickly.”
“With this significant influx of users, we’ve also seen increased spam, scam, and trolling activity — you may have seen some of this yourself.”
“Our team is reviewing these accounts, and you can help us by reporting them by clicking the three-dot menu on each post/account.”
The platform pledges to “dial our moderation team up to max capacity” as it battles a large number of user reports against unwanted content.
Decentralization brings new challenges
BlueSky is a decentralized microblogging service based on the AT protocol, meaning no single entity is in charge of the entire system.
While Bluesky Social, a Public Benefit Corporation (PBC) owns and manages the domains, bsky.app and bsky.social, along with the primary “BlueSky Social” server, anyone can start their BlueSky instance. Users of one BlueSky instance can interact with those on another and vice versa.
The beauty of this lack of centralized authority is, that users have greater freedom and control over their content and are not subject to policies or limitations of Bluesky Social, PBC, should its direction drastically shift in the future—akin to what happened with X.
All this, however, also carries some operational caveats.
While BlueSky Social would be able to moderate content hosted on the bsky.app server, what happens when scammers start setting up their BlueSky instances and using these to promote dubious trading schemes?
BleepingComputer observed posts promoting dubious websites that offered questionable products. Rather than being hosted on bsky.appthese were seen on BlueSky instances managed by a third party.
Given how the AT protocol works, users from other BlueSky instances, including bsky.app would be able to interact with posts on this “web client” (namely “Subium”) and vice versa, which may boost engagement:
Search engines like Google may also crawl and index posts from third-party BlueSky instances. All this could positively contribute toward search rankings of dubious websites mentioned in these posts, and for scammers to up their SEO poisoning game:
Put simply, BlueSky’s moderation architecture isn’t as straightforward as is the case with centralized platforms like X or Instagram. The greater freedom, content control, and independence offered by BlueSky come with novel challenges that need addressing as the decentralized platform gains momentum.