Hold onto your digital hats, folks, because there’s a new scam on the block! This time, it’s a sneaky ploy that involves fake copyright notices and phishing traps, all designed to swipe your precious crypto. Who would've thought, right?
Our hero of the day, blockchain detective ZachXBT, has cracked open a devious phishing operation that's been causing quite a stir. Imagine this: over 15 X accounts have been compromised, leaving Solana-based meme coin investors scratching their heads and checking their wallets, which are now a cool $500,000 lighter.
In a December 24 revelation, ZachXBT shared the nitty-gritty of this operation. The crooks masqueraded as the X team, using phishing sites to break into high-profile accounts. Their weapon of choice? Phony copyright infringement notices that screamed urgency, tricking users into resetting their two-factor authentication (2FA) or passwords. Once inside, these digital bandits flipped the script, using the hijacked accounts to push dodgy schemes onto meme coin fans.
But wait, there’s more! Each hacked account broadcasted a specific contract address linked to shady Solana tokens, enticing followers to pony up their SOL. The posts came with catchy lines like “Incoming Transmission,” followed by juicy token announcement details.
To cover their tracks, these cyber tricksters shuffled stolen funds between Solana and Ethereum networks. Yet, ZachXBT pulled back the curtain, revealing that all these hijacked accounts were connected via six sneaky deployer addresses.
This scam capitalized on the trust and massive reach of crypto-centric accounts, some boasting over 200,000 followers! Big names like Kick, Cursor, The Arena, Brett, and Alex Blania were all caught in the crossfire, with the saga starting on November 26 and the latest hit happening on December 24.
This isn’t just a one-off caper; it’s part of a growing trend of social media platform exploits. X, being a hotspot for crypto projects, has become an enticing target for these digital miscreants. Just last November, ZachXBT unveiled a similar wave of account takeovers on X and Instagram, which led to pump-and-dump schemes involving meme coins. The damage? Over $3.5 million vanished into thin air from August 2024 onward.
The playbook is eerily similar: breach accounts, hype up fraudulent tokens, and stash the loot in anonymous wallets. Some memorable hits include Symbiotic’s X account in October, which fell for phishing links masked as airdrop checklists, and EigenLayer’s account, hijacked for a bogus airdrop campaign. Even Andy Ayrey, founder of Truth Terminal AI, wasn’t spared, his account used to peddle fake meme coins, raking in $1.5 million for the crooks.
In light of these shenanigans, ZachXBT has some sage advice for us all: beef up your security! Avoid reusing email addresses across services and, if you can, use security keys for 2FA. Stay sharp out there, crypto warriors!
