Important takeaways
- A threat actor stole $500,000 via meme coin scams promoted through compromised X accounts.
- ZachXBT suggests not reusing emails and using security keys for important accounts.
A threat actor made about $500,000 through a series of meme coin scams launched via more than 15 compromised X accounts, according to blockchain maintainer ZachXBT. The hacked accounts included Kick, Cursor, Alex Blania, The Arena and Brett, among others.
1/3 A threat actor stole ~$500,000 in the last month by compromising 15+ X accounts (Kick, Cursor, Alex Blania, The Arena, Brett, etc) from sending targeted phishing emails impersonating to be the X team to steal credentials and then start meme coin scams. pic.twitter.com/HEWQdVICgJ
— ZachXBT (@zachxbt) December 24, 2024
The attacker gained access by sending targeted phishing emails disguised as X-Team communications to steal user credentials, ZachXBT noted.
The scheme involved sending fake copyright infringement notices to create urgency and trick users into visiting phishing websites where they would reset their two-factor authentication (2FA) and passwords.
All account takeovers were linked via a single deployer address used for each fraud. The attacker tried to hide the source of funding by moving assets between the Solana and Ethereum networks.
ZachXBT advised users to avoid reusing email addresses across services and recommended using security keys for 2FA on important accounts.
Hacking social media accounts has become a widespread strategy for cyber criminals looking to promote fake cryptocurrency projects or tokens. They often target well-known figures and brands to lend credibility to their deceptive schemes.
Earlier this month, the official X account for The Cardano Foundation was hackedleading to the spread of false information about a non-existent SEC process and the promotion of a scam token related to Solana.
The misinformation caused confusion within the Cardano community and negatively affected the price of ADA, which fell 4% to $1.18.
In a separate case, rap star Drake’s official X account was hackedwhich promotes a fraudulent meme coin called “Anita.”
The adversary leveraged its partnership with gaming platform Stake to make false partnership claims, misleading its followers with fake token details and a project nature. Both the misleading posts and the project’s X account were quickly removed and suspended.
