When it comes to the “next big thing” for independent platforms, the newsletter platform Substack has been at the forefront of the charge. The company has lured big-name independent writers such as Casey Newton and Glenn Greenwald to the platform to start their own newsletters.
Substack is now also being leveraged for its ease of use and reach by scammers to impersonate various cryptocurrency projects, encouraging those it reaches to “upgrade their smart contracts” and send funds to a proxy contract ID.
The language across multiple newsletter emails was similar, just plugging in and playing with different project names, suggesting they had a similar origin.
Scam Substack newsletter impersonates Gnosis
For a scam newsletter impersonating the project Gnosis, the dek of the newsletter reads, “The upgraded smart contract uses 71% less gas, supports updates thanks to proxy patterns and allows you to participate in future votes.” While the newsletter said no immediate action was needed, “GNO holders who update early will be eligible for the new liquidity rewards program, starting on January 20th and lasting one week.”
The Gnosis Twitter account tweeted that the newsletter was fraudulent. In the tweet, the Gnosis account told users not to interact with this Substack account, share their wallet address or send any funds.
“Gnosis was alerted to the phishing attempt on Substack via Twitter, as we were one of many popular blockchain projects targeted,” said Gnosis Director of Strategy Kei Kreutler in a direct message. “We immediately contacted Substack and they took down the fraudulent account.”
When CoinDesk reached out to Substack regarding the account on Jan. 15, it noted the account was taken down but did not respond to questions regarding what preventive measures are in place for these types of situations.
“We have permanently removed this account from the platform and any subscribers will no longer have access to the fraudulent Substack site,” the support team said.
Gnosis has now reclaimed gnosis.substack.com and created its own Substack account to prevent against future impersonation attempts.
Other projects affected
Gnosis wasn’t the only project where this happened.
“This together with sending emails to relevant users is a whole infrastructure of its own and [the newsletters] used the same scam contract id – 0x093fAd33c3Ff3534428Fd18126235E1e44fA0d19.”
The scam impersonating Gnosis has already been seemingly successful to some extent though, with at least one responder to the Gnosis tweet admitting to being a victim and sending tokens to this proxy. Another expressed surprise that Gnosis wasn’t the one sending these emails after receiving one.