How crypto scammers weaponized Facebook's broken reporting system to steal my identity while I was hiking Yellowstone
Plus: guides to keeping your Bitcoin safe from scams and wrench attacks
I just returned from 8 beautiful days in Yellowstone/Tetons—one of the few places in the US still beyond cell towers. Unfortunately, I came back to find my 20-year Facebook account suspended for "cybersecurity violations" while I was literally at 10,500 feet on the Grant Teton trail.
The attack vector was elegant:
- Scammers identified crypto influencers with recent posting gaps
- Created pixel-perfect clones of dormant accounts
- Mass-reported originals using compromised sock puppets
- Facebook's algorithm auto-suspended the real accounts
- Impersonators then tagged friends from the fake profiles
My hardware 2FA (YubiKey) protected my actual credentials, but that is irrelevant when the attack bypasses authentication entirely by gaming Facebook's moderation system:
The real problems:
- Facebook offers zero paid support tier. Getting human review requires either going viral or having connections. Meanwhile, scammers get 24-48 hours of unrestricted access to your network before you can even file an appeal.
- Platforms treat all user reports as equally credible. A coordinated bot swarm carries identical weight to legitimate user complaints. Facebook's "Community Standards" become a DDoS vector against real users.
Tactical takeaways:
- Hardware 2FA is necessary but insufficient—credential security ≠ platform security
- Never store irreplaceable content on platforms you don't control
- Posting schedules create attack windows—scammers monitor for dormancy patterns
- Trusting third parties means constant risk of having your life taken away from you. Only Bitcoin in self-custody puts you solely in control of your self-sovereignty.
This exploit scales infinitely. Facebook's current economics incentivize automated moderation over accuracy. Until platforms face liability for enabling impersonation fraud, automated systems will always favor false positives over accuracy.
I have no idea if Facebook will ever reinstate my account. Unfortunately, even if it does, it will still be too late for any victims who fell victim to the scam, or the reputational damage to me, for anyone who blames me for the scam.
How To Protect Your Bitcoin
I created this guide as a comprehensive strategy to keep your Bitcoin stash safe:
It’s a comprehensive, expert-informed guide to Bitcoin self-custody, offering scalable security measures whether you're just starting or managing significant wealth. Learn to protect your assets against loss, theft, and ensure long-term recoverability.
I got a message from “you” the other day about bitcoin and whatnot. I deleted that shit quick. I know who you are.