This paper presents a comprehensive analysis of the cryptocurrency free giveaway scam disseminated in a new distribution channel, Twitter lists. To collect and detect the scam in this channel, unlike existing scam detection systems that rely on manual effort, this paper develops a fully automated scam detection system, \textit{GiveawayScamHunter}, to continuously collect lists from Twitter and utilize a Nature-Language-Processing (NLP) model to automatically detect the free giveaway scam and extract the scam cryptocurrency address. By running \textit{GiveawayScamHunter} from June 2022 to June 2023, we detected 95,111 free giveaway scam lists on Twitter that were created by thousands of Twitter accounts. Through analyzing the list creator accounts, our work reveals that scammers have combined different strategies to spread the scam, including compromising popular accounts and creating spam accounts on Twitter. Our analysis result shows that 43.9\% of spam accounts still remain active as of this writing. Furthermore, we collected 327 free giveaway domains and 121 new scam cryptocurrency addresses. By tracking the transactions of the scam cryptocurrency addresses, this work uncovers that over 365 victims have been attacked by the scam, resulting in an estimated financial loss of 872K USD. Overall, this work sheds light on the tactics, scale, and impact of free giveaway scams disseminated on Twitter lists, emphasizing the urgent need for effective detection and prevention mechanisms to protect social media users from such fraudulent activity.

翻译：本文对通过Twitter列表这一新型传播渠道散播的加密货币免费赠送骗局进行了全面分析。为收集和检测该渠道中的此类骗局，与现有依赖人工操作的检测系统不同，我们开发了一种全自动骗局检测系统——\textit{GiveawayScamHunter}，该系统可持续采集Twitter列表，并利用自然语言处理（NLP）模型自动识别免费赠送骗局，提取骗局相关的加密货币地址。通过从2022年6月到2023年6月运行\textit{GiveawayScamHunter}，我们检测到由数千个Twitter账户创建的95,111个免费赠送骗局列表。通过对列表创建者账户的分析，本研究发现诈骗者结合了多种策略来传播骗局，包括盗用热门账户和创建垃圾账户。分析结果显示，截至撰稿时，仍有43.9%的垃圾账户保持活跃。此外，我们收集了327个免费赠送域名和121个新的骗局加密货币地址。通过追踪这些骗局加密货币地址的交易记录，本工作揭示超过365名受害者遭受攻击，估计经济损失达87.2万美元。总体而言，本研究揭示了Twitter列表中传播的免费赠送骗局的策略、规模及影响，强调了亟需有效的检测与防范机制来保护社交媒体用户免受此类欺诈活动的侵害。