Hacker Exploits 15 Crypto X Accounts, Steals $500K via Phishing Scams

Hacker Breaches X Accounts to Pump Memecoin Scams A hacker has stolen $500,000 over the last month by compromising 15 crypto-focused X accounts to shill scam memecoin projects, blockchain investigator ZachXBT claims. Bogus Copyright Notices Leveraged to Dupe Victims The attacker impersonated the X platform team and sent fake copyright infringement notices to targeted users. These messages were urgent, meaning the victims clicked on phishing links. On these phishing websites, the users unknowingly reset their account passwords and 2FA credentials, thus giving the hacker complete access. Crypto Accounts with Large Followings Targeted Among the compromised accounts were Kick, Cursor, The Arena, Brett, and Alex Blania, all very popular among cryptocurrency enthusiasts. Combined, these accounts have in excess of 200,000 followers, most of whom are memecoin investors looking for the next big thing. The hacker posted scams in each of these accounts, captioned “Incoming Transmission”, followed by a fake token announcement and contract address. The posts deceived users into interacting with the scam projects to siphon funds. Obfuscation of Stolen Funds ZachXBT followed the operation to six deployer addresses used in the scams. The attacker bridged assets between the Solana and Ethereum networks , a modus operandi of cyber attackers as they mask the origin of stolen funds and confuse their movements in order not to be traced. Security Tips for X Users ZachXBT encouraged the users to take extra care to secure their accounts. Suggestions include not using the same email address on different platforms and providing 2FA for critical accounts. Making these options stronger will reduce the chance of such attacks. Wider Context of Crypto Scams This incident joins a spate of crimes related to crypto that seem to be on the increase. Although phishing losses decreased 53% month-over-month in November to $9.3 million, it appears scammers are trying harder during the holiday season. As it were, Chainalysis estimates that already in 2024, $2.2 billion has been stolen across 303 major incidents-a 21% increase from the previous year. Centralized services remain the hardest hit, making cybersecurity a critical concern for the crypto community . By exposing these scams, investigators like ZachXBT highlight the growing need for vigilance among cryptocurrency users. Protecting personal information and account access remains paramount in combating these sophisticated cybercrimes.