Twitter users should be wary of a fraudulent account that is impersonating Coinbase's official BASE Layer 2 account. The account has received a yellow tick from Twitter, which is commonly seen as a sign of authenticity by users, but it is in fact a honeypot that may be used to steal funds. This has been confirmed by PeckShieldAlert, which detected that the account, named BuilldOnBase, is a forged Twitter account and not the real BuildOnBase.
Further investigation by PeckShieldAlert found that the phishing site base[.]web3claiming[.]com was associated with the fake account. A contract "Claimer" was also created by a user with the handle Fake_Phishing38689, which was registered on etherscan.io six days ago.
#PeckShieldAlert Our community contributor has detected @BuilldOnBase with a yellow tick is a forged #twitter account, not the real @BuildOnBase— PeckShieldAlert (@PeckShieldAlert) March 6, 2023
base[.]web3claiming[.]com is the phishing site, Fake_Phishing38689 created the contract "Claimer" https://t.co/Iw1FdVPgd5 ~6 days ago pic.twitter.com/ThQ1ub8fOi
The fraudulent account is a clear attempt to take advantage of Twitter's verification system, which can be easily tricked by attackers. It is important to remember that the blue or yellow tick does not guarantee the authenticity of an account, and users should always exercise caution when engaging with accounts claiming to represent official organizations.
The use of social media to spread phishing scams is nothing new. Attackers often impersonate legitimate accounts to gain the trust of users and steal their funds. Since Elon Musk's takeover, the old verification system has become obsolete, and the new way of receiving a confirmation occurred, where almost any business can get a yellow mark.
To protect themselves from such scams, users should always verify the legitimacy of an account and a contract by visiting a company's official website and using their official social links. Additionally, users should never share their private keys or seed phrases with anyone and should always double-check any messages they are signing in their Web3 wallets.