Blockchain investigator ZachXBT has uncovered a classy phishing operation that has managed to compromise over 15 X accounts.
The scheme focused buyers in Solana-based meme cash and has resulted in an estimated lack of $500,000.
Solana Meme Coin Fraud
The Blockchain detective revealed in a December 24 social media post that the operation concerned impersonating the X crew and leveraging phishing web sites to achieve unauthorized entry to high-profile accounts.
The attackers used pretend copyright infringement notices to create a way of urgency, tricking account holders into visiting phishing web sites. These websites prompted customers to reset their two-factor authentication (2FA) or passwords.
As soon as credentials have been obtained, the hackers used the compromised accounts to push scams focusing on meme coin lovers.
Every compromised account shared a particular contract tackle tied to fraudulent Solana tokens, urging followers to take a position utilizing SOL. Posts usually featured the caption “Incoming Transmission,” adopted by a token announcement and contract particulars.
The cybercriminals additionally attempted to obscure their operations by bridging stolen funds between the Solana and Ethereum networks. Nevertheless, ZachXBT’s investigation uncovered that every one the hacked accounts have been linked via six deployer addresses used for the scams.
The scheme exploited the belief and huge audiences of crypto-focused accounts, a lot of which had over 200,000 followers. Distinguished ones affected included Kick, Cursor, The Area, Brett, and Alex Blania, with the primary reported incident occurring on November 26 involving RuneMine, whereas the latest was Kick on December 24.
Rising Threats to Social Media Platforms
This assault will not be an remoted incident however a part of a broader social media platform exploitation development by menace actors. X, a hub for crypto initiatives and creators, has more and more been focused for its prominence inside the neighborhood.
In an identical investigation in November, ZachXBT exposed a number of account takeovers on X and Instagram, which fueled pump-and-dump schemes tied to meme cash. Victims reportedly misplaced over $3.5 million throughout this spree, which started in August 2024.
The sample of those assaults stays constant: accounts are breached, fraudulent tokens are promoted, and the proceeds are funneled into nameless wallets.
Notable examples embody the hacking of Symbiotic’s X account in October, the place phishing hyperlinks disguised as airdrop checklists led to tokens being stolen. EigenLayer’s account was hijacked that month to advertise a pretend airdrop marketing campaign. Reality Terminal AI founder Andy Ayrey’s account was additionally used to advertise fraudulent meme cash, netting the hacker $1.5 million.
Following the most recent incident, the on-chain sleuth has suggested customers to extend their account safety by limiting the reuse of electronic mail addresses throughout providers and utilizing safety keys for 2FA every time doable.
Binance Free $600 (CryptoPotato Unique): Use this link to register a brand new account and obtain $600 unique welcome provide on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE place on any coin!