Substack Newsletters Are Being Used to Spread Crypto Scams

Substack is being leveraged by scammers for its ease of use and reach.

AccessTimeIconJan 25, 2021 at 8:34 p.m. UTC
Updated Sep 14, 2021 at 11:01 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

When it comes to the “next big thing” for independent platforms, the newsletter platform Substack has been at the forefront of the charge. The company has lured big-name independent writers such as Casey Newton and Glenn Greenwald to the platform to start their own newsletters. 

Substack is now also being leveraged for its ease of use and reach by scammers to impersonate various cryptocurrency projects, encouraging those it reaches to “upgrade their smart contracts” and send funds to a proxy contract ID. 

The language across multiple newsletter emails was similar, just plugging in and playing with different project names, suggesting they had a similar origin. 

Scam Substack newsletter impersonates Gnosis

For a scam newsletter impersonating the project Gnosis, the dek of the newsletter reads, “The upgraded smart contract uses 71% less gas, supports updates thanks to proxy patterns and allows you to participate in future votes.” While the newsletter said no immediate action was needed, “GNO holders who update early will be eligible for the new liquidity rewards program, starting on January 20th and lasting one week.”

Screenshot of the imposter Gnosis Substack newsletter
Screenshot of the imposter Gnosis Substack newsletter

The Gnosis Twitter account tweeted that the newsletter was fraudulent. In the tweet, the Gnosis account told users not to interact with this Substack account, share their wallet address or send any funds. 

“Gnosis was alerted to the phishing attempt on Substack via Twitter, as we were one of many popular blockchain projects targeted,” said Gnosis Director of Strategy Kei Kreutler in a direct message. “We immediately contacted Substack and they took down the fraudulent account.”

When CoinDesk reached out to Substack regarding the account on Jan. 15, it noted the account was taken down but did not respond to questions regarding what preventive measures are in place for these types of situations. 

“We have permanently removed this account from the platform and any subscribers will no longer have access to the fraudulent Substack site,” the support team said. 

Gnosis has now reclaimed gnosis.substack.com and created its own Substack account to prevent against future impersonation attempts.

Other projects affected

Gnosis wasn’t the only project where this happened. 

Projects such as RenProject, Kyber Network, Synthetix, Quant, UMA “and probably more,” were also victims, according to cybersecurity researcher Avigayil Mechtinger of the firm Intezer. 

“This together with sending emails to relevant users is a whole infrastructure of its own and [the newsletters] used the same scam contract id - 0x093fAd33c3Ff3534428Fd18126235E1e44fA0d19.”

The scam impersonating Gnosis has already been seemingly successful to some extent though, with at least one responder to the Gnosis tweet admitting to being a victim and sending tokens to this proxy.  Another expressed surprise that Gnosis wasn’t the one sending these emails after receiving one. 

“We look forward to [Web 3.0] account tools becoming integral for providing trusted, unique and authenticated identity on the web so that such issues on other platforms arise less in the future,” said Kreutler. “This is why we built the Gnosis Safe, and we hope to see platforms like Substack beginning to adopt Web 3.0 technologies.”

Email phishing

Imitating emails so they look like they are coming from a legitimate source is a common practice, with the overall goal being for users to open them and give up information or money. Indeed, CoinDesk readers have been victimized by scammers sending out emails impersonating us

The Substack scam is a logical extension of this method, with the goal of reaching a large group of people with seemingly legitimate material. Scammers are often looking for new and convincing ways to target individuals. While people might pass over a classic “Nigerian prince” scam email, they may let their guard down when it comes to legitimate-looking emails from a popular newsletter site. 

With a limited number of moderators and Substack’s hands-off approach, it will likely be up to readers to keep an eye out for scams like these when they arise. 

Update: Jan. 26, 2021, 13:26 UTC: Information stating that the scam Substack newsletter was still active on Jan. 21. was removed. That latest newsletter was started legitimately by Gnosis.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Read more about