In a promoted tweet yesterday, Target announced it would give away 5,000 bitcoin “to all community!” Was this Twitter’s ad platform going back on its vow to ban crypto promotions, one user wondered? Perhaps a bizarre moment of attention-seeking generosity from the retail giant? A way to get tech-savvy youth interested in brick-and-mortar shopping again?

Of course not. It was a scam, like so many others that crypto-seekers have perpetrated on the social platform.

“Early this morning, our Twitter account was inappropriately accessed,” a Target representative wrote to BREAKER in a statement on November 13. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a bitcoin scam. We have regained control of the account, are in close contact with Twitter, and are investigating now.”

In addition to Target, hackers also got into G Suite’s Twitter account on November 13, dwarfing Target’s modest bitcoin offer with a 10,000 giveaway “to all community!” Like Target’s tweet, G Suite’s also provided a QR code for users to send between 0.1 and 2 BTC, with the promise that they’d get 20 BTC (worth around $111,000 in recent prices) in return—a sound investment indeed. The tweet was also “promoted,” and it referenced Tesla with its giveaway participation code. The G Suite tweet appeared online for minutes before the company deleted it. (G Suite did not respond to BREAKER’s request for comment.)

Cryptocurrency impersonation scams happen on Twitter in one of two ways. Either a person or company’s account gets hacked, like Target’s, or scammers create a false version of an established Twitter account, coming up with a new handle but attaching it to the established account’s name.

For example, on August 2, 2018, “Breaker” tweeted at @BreakerMag saying it had “something” for readers. The account’s profile picture looked like ours (a yellow circle with the “BREAKER” logo in it). It went on to “present” us with “this special event,” which turned out to be a “10,000 ETH giveaway on getethfree.com.”

The account’s Twitter handle was @8PZyRK1UYC7tDCe. You can still find all six of its tweets on the social platform, where it solely promoted this dubious “giveaway.”

Many accounts like this have popped up on the social platform this year. Vitalik Buterin’s name on Twitter is “Vitalik Non-giver of Ether” because of them. An account with the handle @VitalikButerjm had started posting requests for ether, posing as Buterin, in early February 2018. “Send me 0.2 ETH, I will send 2 ETH back,” the scammer promised. Elon Musk has been another well known target, and so have Bill Gates, John McAfee, and Roger Ver.

Lesser-known accounts have also fallen victim. TechCrunch reported that Farah, a men’s clothing brand, experienced a similar breach on November 12. Fortunately, the clothing brand had a sense of humor about it.

Unfortunately, scammers made $37,000 (about 6 bitcoin) in the few hours the tweet—which people were meant to believe was coming from Musk through Farah’s Twitter—was live.

In March 2018, Twitter said it would start taking action against these faulty accounts. “We’re aware of this form of manipulation and are proactively implementing a number of signals to prevent these types of accounts from engaging with others in a deceptive manner,” the company said in a statement.

Twitter has yet to respond to BREAKER’s request for comment, but there is some apparent evidence of the company taking action. For example, @DoonaldTrump65 is nowhere to be found on Twitter after the account told the tweeting public, “Because I’m the best President ever I’m donating 250 Ethereum to the ETH community!” earlier this year. The catch—the ETH community would have to send him 0.2 ETH each before getting one or two back in return. “Be quick!” Doonald urged. Other false accounts @Elonn_Musk, @Ellon_Musk, @EloonMusk, and @ElonMuski have also been suspended since trying to eke ether out of unsuspecting Twitter users’ wallets.

The latest hacks of Target, G Suite, and Farah’s Twitter accounts have one important aspect in common. All of the tweets were promoted, which means someone had to buy the placement on Twitter. Promoted tweets reach a wider audience than most tweets and may appear in Twitter users’ timelines and relevant search results. “Anyone” can pay for a promoted tweet, says Twitter, but with certain caveats—including “restrictions” on ICOs and token sales.

Now that Twitter has cracked down on false accounts and (supposedly) prevented users from paying for cryptocurrency ads, hacking into others’ accounts seems to be the latest frontier for crypto scammers on the platform. After all, @Target paying to promote a post looks a lot less suspicious than @8PZyRK1UYC7tDCe doing it.