A hacker has stolen approximately $500,000 over the past month by compromising 15 crypto-focused accounts on X (formerly Twitter) through phishing and using them to promote bogus memecoins, according to blockchain investigator ZachXBT.
How the Hack Unfolded
The hacker’s scheme involved impersonating the X team to send fake copyright infringement notices to account holders. These urgent messages tricked victims into visiting phishing sites, where they unknowingly reset their X account passwords and two-factor authentication (2FA) credentials.
Once the attacker gained access to these accounts, they used them to post memecoin scams, targeting the accounts’ followers. Many of these X accounts had substantial followings, with some exceeding 200,000 followers, mostly composed of memecoin enthusiasts looking for investment tips.
Accounts and Techniques Involved
ZachXBT identified 15 compromised accounts, including notable crypto accounts such as Kick, Cursor, The Arena, Brett, and Alex Blania.
- The scammer deployed six specific blockchain addresses for the fraudulent memecoin promotions.
- To obscure the stolen funds, the attacker bridged assets across the Solana and Ethereum networks.
Timeline of Attacks
The attacks began on Nov. 26 with the takeover of RuneMine’s account and continued through Dec. 24, when Kick’s account was compromised.
Neutron, a cross-chain scalability platform, is among the few affected accounts that publicly acknowledged the breach.
Crypto Scammers on the Rise
Crypto scams, especially phishing, appear to be rebounding as scammers target the holiday season. In November, phishing losses dropped 53% month-on-month to $9.3 million, but this recent attack suggests a shift in tactics.
According to Chainalysis, crypto theft reached $2.2 billion across 303 major incidents in 2024, marking a 21% increase compared to the previous year. Centralized services were among the most targeted platforms.
Safety Tips from ZachXBT
ZachXBT urged X users to enhance their account security by:
- Avoiding email address reuse across platforms.
- Implementing two-factor authentication (2FA) on critical accounts.
These precautions can help minimize the risk of falling victim to similar phishing schemes.