The mainstream adoption of cryptocurrencies has led to a surge in wallet-related issues reported by ordinary users on social media platforms. In parallel, there is an increase in an emerging fraud trend called the cryptocurrency-based technical support scam, in which fraudsters offer fake wallet recovery services and target users experiencing wallet-related issues. In this paper, we perform a comprehensive study of cryptocurrency-based technical support scams. We present an analysis apparatus called HoneyTweet to analyze this kind of scam. Through HoneyTweet, we lure over 9K scammers by posting 25K fake wallet support tweets (so-called honey tweets). We then deploy automated systems to interact with scammers to analyze their modus operandi. In our experiments, we observe that scammers use Twitter as a starting point for the scam, after which they pivot to other communication channels (e.g., email, Instagram, or Telegram) to complete the fraud activity. We track scammers across those communication channels and bait them into revealing their payment methods. Based on the modes of payment, we uncover two categories of scammers that either request secret key phrase submissions from their victims or direct payments to their digital wallets. Furthermore, we obtain scam confirmation by deploying honey wallet addresses and validating private key theft. We also collaborate with a prominent payment service provider by sharing scammer data collections. The payment service provider's feedback was consistent with our findings, thereby supporting our methodology and results. By consolidating our analysis across various vantage points, we provide an end-to-end scam lifecycle analysis and propose recommendations for scam mitigation.