Threat actor steals half a million via 15 compromised X accounts: ZachXBT

Threat actor steals half a million via 15 compromised X accounts: ZachXBT


Key Takeaways

A threat actor stole $500,000 via meme coin scams promoted through compromised X accounts.
ZachXBT suggests not reusing emails and using security keys for important accounts.

Share this article

A threat actor netted approximately $500,000 through a series of meme coin scams launched via more than 15 compromised X accounts, according to blockchain sleuth ZachXBT. The hacked accounts included Kick, Cursor, Alex Blania, The Arena, and Brett, among others.

okex

The attacker gained access by sending targeted phishing emails disguised as X team communications to steal user credentials, ZachXBT noted.

The scheme involved sending fake copyright infringement notices to create urgency and deceive users into visiting phishing sites where they would reset their two-factor authentication (2FA) and passwords.

All account takeovers were connected through a single deployer address used for each scam. The attacker attempted to conceal the funding source by moving assets between the Solana and Ethereum networks.

ZachXBT advised users to avoid reusing email addresses across services and recommended using security keys for 2FA on important accounts.

Hacking social media accounts has become a prevalent strategy for cybercriminals looking to promote fake cryptocurrency projects or tokens. They often target well-known figures and brands to lend credibility to their deceptive schemes.

Earlier this month, the official X account of the Cardano Foundation was hacked, leading to the spread of false information about a nonexistent SEC lawsuit and the promotion of a scam token related to Solana.

The misinformation caused confusion within the Cardano community and negatively impacted the price of ADA, which dropped by 4% to $1.18.

In a separate case, rap star Drake’s official X account was hacked, promoting a fraudulent meme coin named ‘Anita.’

The adversary exploited his collaboration with gambling platform Stake to make false partnership claims, misleading his followers with fake token details and a project character. Both the misleading posts and the project’s X account were quickly removed and suspended.

Share this article





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Pin It on Pinterest