Threat actor steals half a million via 15 compromised X accounts: ZachXBT
A threat actor netted approximately $500,000 through a series of meme coin scams launched via more than 15 compromised X accounts, according to blockchain sleuth ZachXBT. The hacked accounts included Kick, Cursor, Alex Blania, The Arena, and Brett, among others.
1/3 A threat actor has stolen ~$500K over the past month by compromising 15+ X accounts (Kick, Cursor, Alex Blania, The Arena, Brett, etc) from sending targeted phishing emails which impersonated the X team to steal credentials and then launch meme coin scams.
— ZachXBT (@zachxbt) December 24, 2024
The attacker gained access by sending targeted phishing emails disguised as X team communications to steal user credentials, ZachXBT noted.
The scheme involved sending fake copyright infringement notices to create urgency and deceive users into visiting phishing sites where they would reset their two-factor authentication (2FA) and passwords.
All account takeovers were connected through a single deployer address used for each scam. The attacker attempted to conceal the funding source by moving assets between the Solana and Ethereum networks.
ZachXBT advised users to avoid reusing email addresses across services and recommended using security keys for 2FA on important accounts.
Hacking social media accounts has become a prevalent strategy for cybercriminals looking to promote fake cryptocurrency projects or tokens. They often target well-known figures and brands to lend credibility to their deceptive schemes.
Earlier this month, the official X account of the Cardano Foundation was hacked, leading to the spread of false information about a nonexistent SEC lawsuit and the promotion of a scam token related to Solana.
The misinformation caused confusion within the Cardano community and negatively impacted the price of ADA, which dropped by 4% to $1.18.
In a separate case, rap star Drake’s official X account was hacked and used to promote a fraudulent meme coin named ‘Anita.’
The adversary exploited his collaboration with gambling platform Stake to make false partnership claims, misleading his followers with fake token details and a project character. The misleading posts were quickly removed, and the project’s X account was suspended.