on the crypto
When it comes to the “next big thing” on independent platforms, the Substack newsletter platform is always at the forefront. The company has attracted well-known independent writers like Casey Newton and Glenn Greenwald who started their own newsletters on the platform. Substack is now also known to be easily within reach of scammers hiding behind various crypto projects, prompting victims to "update their smart contracts" and send funds to a proxy contract ID.
Substack and Gnosis scammers
In a Substack phishing e-mail speaking on behalf of the Gnosis project, it is written: "The updated smart contract uses 71% less commissions, supports updates thanks to proxy models and allows you to participate in future votes" .
While the newsletter said no immediate action was needed, "GNO holders who upgrade early will be eligible for the new liquidity rewards program, starting January 20 and lasting one week."
The Gnosis Twitter account tweeted that that newsletter was fraudulent. In the tweet, the Gnosis account warned users not to interact with this Substack account, not share their wallet address or send funds.
“Gnosis was notified of the Substack phishing attempt via Twitter, as we were one of several popular blockchain projects targeted,” said Kei Kreutler, strategy director at Gnosis.
"We immediately contacted Substack and they removed the fraudulent account." Gnosis has now claimed gnosis.substack.com and created their Substack account to prevent future impersonation attempts.
Other interested projects
Gnosis wasn't the only project hit by the scam. Projects like RenProject, Kyber Network, Synthetix, Quant, UMA “and probably others” have also been victims, according to cybersecurity researcher Avigayil Mechtinger from Intezer company.
Apparently, the scam involving Gnosis has already been successful to some degree, with at least one scammed user admitting to being a victim. “We look forward to the [Web 3.0] account tools becoming integral to providing trusted, unique and authenticated identities on the web, so that such problems on other platforms will arise less in the future,” said Kreutler. "This is why we created Gnosis Safe and we hope to see platforms like Substack start adopting Web 3.0 technologies."
Phishing emails
Imitating emails so that they appear to come from a legitimate source is a common practice that applies with the goal that users can open them and convince themselves to give information or money. The Substack scam is an extension of this method, with the aim of reaching a large group of people using seemingly legitimate tools.
Scammers are often looking for new and compelling ways to target people. Users may let their guard down when faced with a legitimate-looking email from a popular newsletter site. With a limited number of moderators and Substack's “hands-off” approach, it will likely be up to readers to keep an eye out for scams like these in the future.
