I’m a big fan of the Brave browser and BasicAttentionToken — an innovative idea to radically improve the web. And so I was excited to see their (legit) tweet. My startup Public.Law is a verified publisher, and I’m investigated the partnership program:

Thrilled to announce our partnership with @townsquaremedia to monetize ad-blocking traffic and test blockchain-based digital advertising! https://t.co/2o0HvhwyQh pic.twitter.com/EKXIiBrj5f — BasicAttentionToken (@AttentionToken) May 3, 2018

It’s awesome to see the new digital ad program getting testing. Following this tweet, Twitter displays these:

E-coin faucets have been around for a while, and I’ve never had a problem with them. So I clicked the link, and saw the dwindling amount left to give away. I saw that I just needed to send 0.5 ETH to get the payment, which also sounded ok, because several different e-coin apps (like the Brave browser) sometimes need you to put some money in to get started. 0.5 ETH didn’t sound like much at all.

I was ready to convert $$ to ETH, but then I saw how much money that’d actually be: $400. I was ready to go, but I’ve never sent that much money online:

And so I went back to the giveaway site to look closer. I saw some red flags: there isn’t actually the BasicAttentionToken logo or name anywhere on it. And the domain name is completely unrelated. I asked about it, but haven’t heard back from @AttentionToken, who is also cc’d:

There's no "About" or ownership info on that page – how do I know it's legit before sending $200 to an anonymous address? — Robb Shecter (@dogweather) May 3, 2018

Then I realized that this follows the standard scam strategy of getting the victim to pay a “small amount” to “win” a much larger amount. Just like lottery and Nigerian email scams.

Looks cool, but also looks like B.S. – that page has no info about who's running it, and whether it's legit. 😬 — Robb Shecter (@dogweather) May 3, 2018

Finally, I realized that there’s a series of fake BasicAttentionToken Twitter accounts. Notice the extra letter l at the end: @AttentionTokenl. Ouch. This is 100% scam.

I picked up on it probably because they asked for a lot of money. I was about to send real cash in, but stopped at the $400 amount. (And yeah, I thought it was just $200 at first.)

I’m embarrassed to say that I study these scams as a hobby, and still got taken in.

My Observations: Both Twitter and BasicAttentionToken need to take action

The mechanism for this scam exploits Twitter’s platform ; the way it looks and acts for a user. It hacks the user’s trust and knowledge how Twitter works.

; the way it looks and acts for a user. It hacks the user’s trust and knowledge how Twitter works. BasicAttentionToken’s official Twitter account doesn’t have the blue checkmark ; that’d help people identify fake accounts, and might get faster response to Twitter for these problems.

; that’d help people identify fake accounts, and might get faster response to Twitter for these problems. The scammers use the official BAT logo and name ; surely there’s an algorithmic way that Twitter could act earlier on these.

; surely there’s an algorithmic way that Twitter could act earlier on these. BasicAttentionToken needs to reply quickly and decisively to fraud reports; they need dedicated fraud staff if they don’t have it. And they need to reply quickly to build confidence in the financial system they want to create.

Update 1

I’ve traced the domain name and IP address to Namecheap DNS & web hosting. I’ve contacted them, and they’ve begun an investigation.

Update 2

Namecheap has suspended the account; great, quick work on their part.