A verified Twitter account has started impersonating Justin Sun, founder of the Tron Foundation that’s developing a media-focused cryptocurrency, to encourage users to participate in a scam.

“This is a fake account pretending to be me,” Sun tells Inverse. “Don’t fall into trap.”

The incident highlights a serious flaw in Twitter’s verification process, which aims to confirm to members of the public that the account’s claimed identity is correct. The account in question responded to a post on Friday by Vitalik Buterin, co-creator of Ethereum, asking users to send between 0.5 and five ETH tokens to the address on the given website to receive five to 50 ETH tokens in return. The account, which has the same displayed name and profile picture as Sun, claims the giveaway celebrates 10 million users on the Tron platform.

It’s unclear when the verified username “slickliltaylor” started posing as Sun. The earliest Twitter post playing a role in an Ethereum scam dates back to March 31, but it’s possible that previous posts were deleted by the user. It’s possible that the account has been compromised: three posts on April 5 warn people “Scam watch out!!!” and “THIS IS NOT JUSTIN SUN!!”, suggesting another user has access.

The Twitter page in question. Twitter

In a story last month about a similar scam affecting Tesla CEO Elon Musk, the BBC noted that users can spot the fake Musk accounts by the fact that they are missing the “verified” badge.

The posts alerting users to the scam.

Twitter’s verification process has come under scrutiny in the past for its unclear rules and inconsistent usage. The company claims in its support documents that verification, denoted by a blue badge with a white checkmark, “lets people know that an account of public interest is authentic.” The site notes:

An account may be verified if it is determined to be an account of public interest. Typically this includes accounts maintained by users in music, acting, fashion, government, politics, religion, journalism, media, sports, business, and other key interest areas. A verified badge does not imply an endorsement by Twitter.

Verification first rolled out in 2009, but it wasn’t until 2016 that people could actually apply for verification through a public form. The company placed the public application process on hold in November 2017 after concerns that the checkmark was seen as an indicator of importance rather than authentication of identity. However, the company’s own support documents contradict this by asking users to explain the account’s impact in its relevant field. The Twitter Verified account follows 293,662 accounts.

Inverse has contacted Buterin and Twitter for comment.