If you’ve been tagged multiple times a day in strange Twitter threads from verified accounts with NFT profile pictures, you’re not alone. It’s part of what seems to be a massive phishing attempt by hackers using the platform.
In the most recent wave, hackers have hijacked verified Twitter accounts to exploit interest in the Moonbirds NFT collection, the now $300 million non-fungible token collection which launched days ago.
They’ve changed accounts’ profile pictures to a Moonbird and updated bios with links that appear to be associated with the project but are not.
Once set up, they’ve tagged countless users in tweets, encouraging them to enter a Moonbirds “raffle.”
If a victim ultimately clicks on the provided links and connects their crypto wallet, they might be hit with a phishing attack that can drain their funds and crypto assets.
One of the blue-checkmark accounts targeted by the scammers belongs to Sen. Bernie Sanders’s son, Levi Sanders. Hackers appeared to change Levi’s Twitter account name to “Moonbirds,” and tagged many users in a series of tweets to click on an NFT “raffle” link. Levi appears to have regained control of his account, with his name reinstated and most of the spam tweets deleted.
Representatives for Sanders and Levi did not immediately respond to Fortune’s request for comment.
Though the verified accounts used for the scam appear to be hacked, they might have been bought. It’s unknown what Twitter might do to combat the continuation of the scam.
Leadership for the Proof Collective, which is the company behind the Moonbirds project, noticed this happening and sent a warning to followers.
On Monday, Justin Mezzell, cofounder and chief product officer of Proof, tweeted, “These scammers who purchase verified accounts, pretend to be @moonbirds_xyz, and try to get folks to connect their wallet and siphon funds. It’s the worst. Just block / report if you’re seeing it!”
This same type of scam was seen in March after the ApeCoin drop by Yuga Labs and its Bored Ape Yacht Club, exploiting the fear of missing out surrounding the token’s airdrop. It resulted in a loss of more than $1 million for victims, Decrypt reported.
The scam was repeated in early April with another popular NFT collection, Azuki.
This story was originally featured on Fortune.com