Key Takeaways
- The attacker gained control of at least 15 high-profile accounts
- Many of the targeted accounts had substantial followings, with some having over 200,000 followers
A series of phishing attacks targeting X accounts has led to the theft of approximately $500,000 over the past month, according to blockchain investigator ZachXBT. The attacker gained control of at least 15 high-profile accounts, many within the digital asset sector, including those belonging to Kick, Cursor, Alex Blania, The Arena, and Brett.
The attacker initiated the scam by sending fraudulent emails disguised as notifications from X, warning of copyright infringements. These emails were designed to create a sense of urgency, prompting recipients to visit phishing sites.
On these sites, users were tricked into resetting their passwords and two-factor authentication (2FA) settings, allowing the attacker to gain full control of the accounts.
Once access was secured, the attacker used the compromised accounts to promote memecoin scams, which led to financial losses for their followers. The stolen funds were moved between the Solana and Ethereum blockchains to obscure the source.
Many of the targeted accounts had substantial followings, with some having over 200,000 followers, largely consisting of memecoin enthusiasts.
ZachXBT’s investigation revealed that the scams were linked to six deployer addresses, which were used to orchestrate the fraudulent activities. The attacker appeared to use multiple methods to hide the trail of stolen assets, moving funds across different blockchain networks.
The report emphasized that phishing attacks, especially those targeting social media accounts with large followings, remain a significant threat in the cryptocurrency space.
ZachXBT also advised users on protecting their accounts from similar attacks: avoid reusing email addresses across different services, and use hardware security keys for 2FA, especially for accounts with high visibility or large followings.
This string of attacks is part of a larger trend in which cybercriminals exploit compromised social media accounts to promote fake airdrops and crypto projects.
Earlier this year, a similar breach involved the official X account of the Cardano Foundation, where attackers spread false information about a supposed SEC lawsuit and promoted a scam token. This misinformation led to confusion within the Cardano community and negatively impacted the price of ADA.
In another case, the X account of rapper Drake was hacked, and false claims of a partnership with the gambling platform Stake were used to promote a fraudulent meme coin called ‘Anita.’