A 19-part thread outlines the sophisticated strategies scammers are using to part crypto users from their funds.

Cybersecurity analyst Serpent has revealed his picks for the most dastardly crypto and non-fungible token (NFT) scams currently active on Twitter.

The analyst, who has 253,400 followers on Twitter, is the founder of Sentinel, an artificial intelligence and community-powered crypto threat mitigation system.

In a 19-part thread posted on Aug. 21, Serpent outlined how scammers target inexperienced crypto users through the use of copycat websites, URLs, accounts, hacked verified accounts, fake projects, fake airdrops, and plenty of malware.

One of the more worrisome strategies comes amid a recent spate of crypto phishing scams and protocol hacks. Serpent explains that the “Crypto Recovery Scam” is used by bad actors to trick those who have recently lost funds to a widespread hack, stating:

“Simply put, they attempt to target people who have already been scammed, and claim they can recover the funds.”

According to Serpent, these scammers claim to be blockchain developers and seek out users who have fallen victim to a recent large-scale hack or exploit, asking them for a fee to deploy a smart contract that can recover their stolen funds. Instead, they “take the fee and run.”

This was seen in action after the multimillion-dollar exploit affecting Solana wallets earlier this month, with Heidi Chakos, the host of the YouTube channel Crypto Tips, warning the community to watch out for scammers offering a solution to the hack.

Another strategy also leverages recent exploits. According to the analyst, the “Fake Revoke.Cash Scam” tricks users into visiting a phishing website by warning them that their crypto assets may be at risk, using a “state of urgency” to get users to click the malicious link.

Another strategy uses “Unicode Letters” to make a phishing URL look almost exactly like a genuine one by replacing one of the letters with a Unicode lookalike. Yet another sees scammers hack a verified Twitter account, which is then renamed and used to impersonate someone of influence to shill fake mints or airdrops.
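
A defender-side check for the Unicode lookalike URLs described above, as an added example that is not from Serpent's thread or the original article: it flags hostnames that mix scripts or that fold to an allowlisted domain, and shows the ASCII form DNS resolves. The allowlist, the lookalike table (a small hand-built subset) and the function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist for this example; use your own list of known-good domains.
TRUSTED = {"revoke.cash", "uniswap.org"}

# Hand-built subset of Cyrillic letters that render like Latin ones (assumption:
# a real check would load the full Unicode confusables data instead).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
}

def script_of(ch):
    """Coarse script label derived from the character's Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def skeleton(host):
    """Fold known lookalikes to ASCII so a spoof compares equal to the original."""
    folded = unicodedata.normalize("NFKC", host).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def inspect_url(url):
    """Classify a URL's hostname as trusted, lookalike, review or unknown."""
    host = (urlsplit(url).hostname or "").lower()
    result = {"host": host, "punycode": None, "imitates": None, "findings": []}
    try:
        # The ASCII (xn--) form is what DNS actually resolves.
        result["punycode"] = host.encode("idna").decode("ascii")
    except UnicodeError:
        result["findings"].append("hostname is not valid IDNA")
    if host in TRUSTED:
        result["verdict"] = "trusted"
        return result
    for label in host.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            result["findings"].append(f"mixed scripts in {label!r}: {sorted(scripts)}")
    if not host.isascii():
        result["findings"].append("hostname contains non-ASCII characters")
    if skeleton(host) in TRUSTED:
        result["imitates"] = skeleton(host)
        result["verdict"] = "lookalike"
    else:
        result["verdict"] = "review" if result["findings"] else "unknown"
    return result
```

A hostname made entirely of non-Latin letters is legitimate for many sites, so the `review` verdict is a prompt to look at the punycode form, not a block decision.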

The remaining scams target users wanting to get in on a “get rich quick” scheme. This includes the “Uniswap Front Running Scam”, often seen as spam bot messages telling users to watch a video on how to “make $1400/DAY front-running Uniswap” which instead tricks them into sending their funds to a scammer’s wallet.

Another strategy is known as a “Honeypot Account,” where users are supposedly leaked a “private key” to gain access to a loaded wallet, but when they attempt to send crypto in order to fund the transfer of coins, the funds are immediately sent away to the scammers’ wallet via a bot.

Other tactics involve asking high-value NFT collectors to “beta test” a new play-to-earn (P2E) game or project, or commissioning fake work from NFT artists. In both cases, the ruse is merely an excuse to send them malicious files that can scrape browser cookies, passwords, and extension data.

Last week, a report from Chainalysis noted that revenue from crypto scams has fallen 65% so far in 2022, due to falling asset prices and the exit of inexperienced crypto users from the market. Total crypto scam revenue year-to-date currently sits at $1.6 billion, down from roughly $4.6 billion in the prior year.