TL;DR
- A threat actor stole approximately $500,000 through meme coin scams promoted via over 15 compromised X accounts, uncovered by blockchain investigator ZachXBT.
- The attacker used targeted phishing emails disguised as communications from the X team to gain access to accounts, tricking users into resetting their 2FA and passwords.
- The hacking of social media accounts to promote fake crypto projects has become prevalent, with notable incidents involving the Cardano Foundation and rap star Drake’s accounts.
A sophisticated threat actor has managed to steal approximately $500,000 through a series of meme coin scams promoted via more than 15 compromised X accounts. This alarming incident was uncovered by blockchain investigator ZachXBT, who highlighted the growing prevalence of hacking social media accounts to push fake projects or tokens in the crypto industry.
1/3 A threat actor has stolen ~$500K over the past month by compromising 15+ X accounts (Kick, Cursor, Alex Blania, The Arena, Brett, etc) from sending targeted phishing emails which impersonated the X team to steal credentials and then launch meme coin scams. pic.twitter.com/HEWQdVICgJ
— ZachXBT (@zachxbt) December 24, 2024
How the Scam Was Executed
The attacker gained access to the compromised accounts by sending targeted phishing emails disguised as communications from the X team. These emails included fake copyright infringement notices designed to create a sense of urgency and deceive users into visiting phishing sites.
Once on these sites, users were tricked into resetting their two-factor authentication (2FA) and passwords, allowing the attacker to take over their accounts. The compromised accounts included notable names such as Kick, Cursor, Alex Blania, The Arena, and Brett.
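A mail-triage check for the lure described above, added here as an illustration and not taken from ZachXBT's findings: it flags messages that carry X branding from a non-X sender domain, use a copyright or suspension lure, and link to a reset page outside X's domains. The trusted-domain list, the keyword patterns and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains accepted as genuine X senders and link targets.
TRUSTED_DOMAINS = {"x.com", "twitter.com"}
BRAND_RE = re.compile(r"(?<![a-z0-9])(x|twitter)(?![a-z0-9])", re.I)
LURE_RE = re.compile(r"copyright|infringement|dmca|suspend", re.I)
RESET_RE = re.compile(r"password|2fa|two-factor|verify|appeal", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def is_trusted(host):
    # Exact match or true subdomain only, so x.com.evil.example is rejected.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    subject = msg.get("Subject", "")
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
    off_brand = sorted(h for h in hosts if h and not is_trusted(h))
    reasons = []
    if BRAND_RE.search(name + " " + subject) and not is_trusted(sender_domain):
        reasons.append("claims X branding from non-X sender domain")
    if LURE_RE.search(subject + " " + body):
        reasons.append("copyright/suspension urgency lure")
    if off_brand and RESET_RE.search(body):
        reasons.append("credential/2FA reset link to " + ", ".join(off_brand))
    return {"suspicious": len(reasons) >= 2, "reasons": reasons}

# Constructed sample messages (not real captures).
PHISH = """\
From: "X Support" <notice@x-appeals.example>
Subject: Copyright infringement notice for your account

Your account will be suspended. To appeal, reset your password and 2FA at https://x-appeals.example/appeal
"""
BENIGN = """\
From: X <notify@x.com>
Subject: New login to your X account

We noticed a new login. Review it at https://x.com/settings/security
"""
if __name__ == "__main__": print(triage(PHISH))
```
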
All account takeovers were linked to a single deployer address that facilitated each scam. To further conceal the funding source, the attacker moved assets between the Solana and Ethereum networks.
Impact on the Crypto Community
The hacking of social media accounts has become a prevalent strategy for cybercriminals looking to promote fake cryptocurrency projects or tokens. By targeting well-known figures and brands, these attackers lend credibility to their deceptive schemes.
This month, the Cardano Foundation’s official X account fell victim to a hack, resulting in the dissemination of misleading information regarding a fake SEC lawsuit and the promotion of a fraudulent token associated with Solana. This misinformation caused confusion within the Cardano community and negatively impacted the price of ADA, which dropped by 4% to $1.18.
In a separate incident, rap star Drake’s official X account was hacked to promote a fraudulent meme coin named ‘Anita.’ The assailant took advantage of Drake’s association with the gambling site Stake to spread false claims about a partnership, deceiving his fans with fabricated token information and a projected persona. Both the deceptive posts and the project’s X account were swiftly taken down and suspended.
ZachXBT urged users to steer clear of reusing email addresses on different platforms and suggested implementing security keys for two-factor authentication on critical accounts. These measures can help protect against similar phishing attacks and account takeovers in the future.