Elon Musk is not giving away Bitcoins

A look into the Elon Musk Crypto scam evolution

The first time I saw the Elon Musk scammers’ website, its high quality surprised me.
The website resembled a Medium article written by Elon Musk.

The website looked so good and authentic that, after the initial perplexity, only by looking at the URL, the missing links and the non-functioning buttons could I tell that this was a scam.

The scam is nothing new, yet it has changed to some degree since the 2018 versions.

The scam process is quite simple. A hacked Twitter account, preferably verified, changes its display name to Elon Musk and promotes a crypto giveaway. The promotion is often a reply to an existing tweet from the official Elon Musk account or to tweets from other verified users with a large following.

The scams repeat themselves and use the same template.

In my research, I wanted to answer two questions.  

  • How much money do they make today?
  • Has the scam technique changed since 2018?

Let’s go to the first step of the process.

Twitter

The first step starts with tweets that announce the Twitter giveaway.

All have one thing in common: they use the same text, and the website address is not pasted intact but broken up by a space.

A simple search for “Hint: remove the space to get prize” will surface the ones that are not yet banned.

If you want to be notified of such tweets directly, you can set up an automated solution such as Zapier, IFTTT, or similar.

You can set up those services to notify you as soon as a matching tweet is posted and to copy its data into a spreadsheet in case the tweet is later deleted.

I set up the monitoring on 17 November 2020, and in ten days 40 tweets appeared, posted by ten different accounts.
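The tweet pattern described above (a display name switched to Elon Musk, identical text, a domain broken by a space and the "remove the space" hint) can be scored on exported tweet records. This is an added example, not code from the original post; the record fields, the handles and the `.example` domain are constructed assumptions.

```python
import re
import unicodedata

REAL_HANDLE = "elonmusk"      # assumption: the genuine account being impersonated
PROTECTED_NAME = "elon musk"  # display name the hijacked accounts switch to
HINT = re.compile(r"remove\s+the\s+space", re.IGNORECASE)
# host label, dot, TLD, allowing whitespace on either side of the dot
SPLIT_DOMAIN = re.compile(r"\b([a-z0-9][a-z0-9-]{2,})(\s*)\.(\s*)([a-z]{2,24})\b", re.I)

def normalise(name):
    """Fold Unicode compatibility forms, case and repeated whitespace."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())

def rejoin_domains(text):
    """Domains that only become valid once the inserted space is removed."""
    return [f"{m.group(1)}.{m.group(4)}".lower()
            for m in SPLIT_DOMAIN.finditer(text)
            if m.group(2) or m.group(3)]

def signals(tweet):
    """List the scam indicators present in one tweet record."""
    found = []
    if (normalise(tweet["display_name"]) == PROTECTED_NAME
            and tweet["handle"].lower() != REAL_HANDLE):
        found.append("impersonated_display_name")
    if HINT.search(tweet["text"]):
        found.append("remove_space_hint")
    if rejoin_domains(tweet["text"]):
        found.append("split_domain")
    return found

def is_suspect(tweet):
    # One signal alone is noisy ("I agree. this ..." looks like a split domain),
    # so alert only when at least two fire together.
    return len(signals(tweet)) >= 2

# Constructed sample records; handles and the .example domain are placeholders.
SAMPLE_TWEETS = [
    {"handle": "dormant_verified", "display_name": "Elon  Musk",
     "text": "Event is live: crypto-event .example Hint: remove the space to get prize"},
    {"handle": "fan_account", "display_name": "Rocket fan",
     "text": "I agree. this launch was great"},
]

if __name__ == "__main__":
    print([(t["handle"], is_suspect(t), signals(t)) for t in SAMPLE_TWEETS])
```

The rejoined domain is the value worth logging to the spreadsheet, since it is what an abuse report to the hosting provider needs.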

Twitter accounts: hacked or phished

It is unclear if the accounts have been hacked, phished, or exploited with the help of a Twitter insider. Probably it depends on each attack. 

| Twitter handle | Verified | Last tweet |
|---|---|---|
| @MadisonKocian | yes | 22 Apr 2020 |
| @BQuyyom | no | Account suspended |
| @WMBDMariaC | yes | 27 Feb 2016 |
| @theyluvkrissy | no | Account suspended |
| @Nicole39077483 | no | Still Elon Musk |
| @vydjones | no | In use |
| @JamallBufford | no | Account suspended |
| @NatalieGretz | no | 30 Mar 2019 |
| @diggydimemusic | no | Account suspended |
| @brockkreitzburg | yes | 13 Dec 2015 |

Hacked/phished Twitter accounts promoting the scam

What is clear is that some of the attacks use verified accounts that have been dormant for long periods. This might suggest that inactive verified accounts are being looked up and targeted.

Technology deployed

The domains are registered with either Namesilo or Namecheap. These registrars offer very affordable domains plus the option to pay for them with bitcoin. But what is most interesting is what is powering the scammers’ websites.

By playing around with the website, I found out that the scams (musk-givigng, spacexclaim, musk-web) were all using Netlify.com.

With Netlify, one can instantly build and deploy a website site from Git, custom domains, HTTPS, deploy previews, rollbacks, and much more.

From Netlify.com

This quick setup seems to appeal to scammers who wish to make the process as swift and automated as possible.

When reaching out to the Netlify abuse team to flag the three websites, I received an immediate response and support. The team promptly removed the sites and banned the creators. During our correspondence, the Netlify team member was very open to suggestions and excluded potential attack vectors.

The exchange ended with a new control that will hopefully mitigate and block similar scams on their platform for some time.

What is true is that scammers will always find ways to abuse free models to achieve their results faster. Here I cannot praise enough the quick and cordial efforts of Netlify. I wish others would take an example from them.

The Elon Musk image

I could not find any information on the fake Medium template that the scammers use. Probably they are being sold separately or as part of a whole bundle of software & service on specific forums or on the dark web, with which I am unfamiliar.

One thing that I could find is the origin of the Musk image.

The art used on the scammers’ website is of high quality, and having looked at countless Netflix, PayPal, or Apple phishing pages of awful quality, I was intrigued by it. After several reverse image searches, first with TinEye and then with Google image search, I found both the creator, Ilya Shapko, and the original file on Dribbble, posted on 10 February 2018.

Bitcoin, Ethereum and a tiny bit of Ripple

All scams ask for a cryptocurrency transfer, promising to send back double the amount. The second transfer, of course, never occurs, and this psychological trick continues to be profitable.

The amounts are far below those of the comparable original scams, which cashed in 180.000 USD.

| Scam website | BTC address | Total Deposits | Balance |
|---|---|---|---|
| Teslamoney | 1F5Y7pPd3T2Vxd46Mv8VqTtsEAJeqfiTiy | 0,58966429 | 10 693 US$ |
| Spacex claim | 17mRiVWkRSFEbhAX9gufPfMAMbbtvKk3Km | 0,76345709 | 13 844 US$ |
| Elon fund | 1DxH2EXyg2JcCHnY4e99vqkaD6a7HRezqY | 0,0094209 | 171 US$ |
| Meneyx | 1DSw2UenUhzBKv1o1Ns8bWSw7xvWRnu7Fc | 0,67624764 | 12 263 US$ |
| Musc giving | 1BtgMgeKCRup34YaqFmprX98US1Byy3inS | 1,57417468 | 28 546 US$ |
| Musk Web | 1sexVdhJHZptdNHTjrt2VZrFEuUf6c9KB | 0,02023436 | 367 US$ |

Elon Fund was not so successful, probably due to a misconfiguration error, as the site didn’t work while the Twitter handle was advertising it.

The new scams ask for Bitcoin or Ethereum, but in Spacexclaim, there was even a request for Ripple.

I was interested in how this money moves and whether it joins bigger wallets. At the time of the analysis, the BTC wallets for Musk-giving and Tesla-money did not register much movement.

But the wallet for Moneyx was older since the scam started earlier, and it was interesting to search the wallet transactions manually before taking a snapshot of the journey.

Bitcoins were moved from one wallet to another, probably mixed with a tumbler, until they reached a wallet with significant proceeds owned by a Bitcoin exchange company.

Snapshot taken after exploring wallets with Maltego

I could do this thanks to Brenna Smith’s tip on a specific tool called wallet explorer. The tool is extremely handy in giving more context to a particular wallet.

Brenna Smith is the author of CryptOsint, a very informative newsletter on Cryptocurrency at Bellingcat. If you are interested in knowing more about the topic, I highly suggest subscribing.

It is hard to fully grasp the context and relation of the whole chain of transactions. But the beauty of Bitcoin is that you can sit and watch how the money is moving, and sometimes, if the scammer is sloppy, it can lead to a publicly known wallet.
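The hop-by-hop tracing described in this section, following deposits forward until they land in a wallet with a known owner, can be reproduced on exported transaction data. This is an added example, not the author's workflow or any tool's API; the ledger, the addresses and the label are constructed placeholders.

```python
from collections import deque

# Constructed sample ledger (amounts in satoshi). Addresses are placeholders,
# not the wallets listed in the article.
TXS = [
    {"txid": "tx1", "inputs": ["victim_a"], "outputs": {"scam_wallet": 30_000_000}},
    {"txid": "tx2", "inputs": ["victim_b"], "outputs": {"scam_wallet": 25_000_000}},
    {"txid": "tx3", "inputs": ["scam_wallet"], "outputs": {"hop_1": 54_000_000}},
    {"txid": "tx4", "inputs": ["hop_1"],
     "outputs": {"hop_2": 20_000_000, "hop_3": 33_000_000}},
    {"txid": "tx5", "inputs": ["hop_2"], "outputs": {"hop_4": 19_000_000}},
    # Several inputs in one transaction: a consolidation or a mixer, so the
    # link from hop_3 to the exchange is a lead, not proof of ownership.
    {"txid": "tx6", "inputs": ["hop_3", "unrelated"],
     "outputs": {"exchange_hot": 510_000_000}},
]
# Assumption: labels come from a wallet-clustering source the analyst trusts.
LABELS = {"exchange_hot": "exchange (constructed label)"}

def total_received(address, txs):
    """Sum of every output paid to the address, in satoshi."""
    return sum(tx["outputs"].get(address, 0) for tx in txs)

def trace_to_labelled(start, txs, labels, max_hops=6):
    """Breadth-first forward trace. Returns the shortest list of
    (txid, address) hops from start to a labelled wallet, or None."""
    spends = {}
    for tx in txs:
        for addr in tx["inputs"]:
            spends.setdefault(addr, []).append(tx)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        addr, path = queue.popleft()
        if addr in labels:
            return path
        if len(path) >= max_hops:
            continue  # give up on this branch, keep exploring the others
        for tx in spends.get(addr, []):
            for out in tx["outputs"]:
                if out not in seen:
                    seen.add(out)
                    queue.append((out, path + [(tx["txid"], out)]))
    return None

if __name__ == "__main__":
    print(total_received("scam_wallet", TXS))
    print(trace_to_labelled("scam_wallet", TXS, LABELS))
```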

Conclusions

The Elon Musk scam is at least two years old and continues to cash in significant income from a partially automated process.

The income is not as high as the first takes but still makes it a quick and profitable attack.

What is critical in this attack is visibility; without the verified accounts, it is tough to appeal to a broader public and increase the scam’s chance of success.

As much as Netlify and similar companies can take their websites down, a considerable effort is required from Twitter, Twitch, or YouTube as they play an essential role in blocking scams.

Brenna Smith pointed out in her July 2020 Newsletter that there isn’t an easy way to block scams that doesn’t restrict legitimate content yet still recognizes nuanced scams.

Yet time continues to pass, there is no visible progress on Twitter, and scammers continue to cash in significant amounts.


PiotrSec

Internet McNulty. Creating Hacked.wtf to make Cyber Security for everyone.
