Over the past month, a hacker breached more than 15 X accounts through phishing and used them to promote fraudulent meme token schemes, according to on-chain detective ZachXBT.
1/3 A threat actor has stolen ~$500K over the past month by compromising 15+ X accounts (Kick, Cursor, Alex Blania, The Arena, Brett, etc) from sending targeted phishing emails which impersonated the X team to steal credentials and then launch meme coin scams. pic.twitter.com/HEWQdVICgJ
— ZachXBT (@zachxbt) December 24, 2024
Among the victims were accounts from the streaming platform Kick, AI assistant Cursor, World (formerly Worldcoin) co-founder Alex Blania, meme coin Brett, SocialFi app The Arena, and others.
Posing as the X team, the hacker sent fake copyright infringement notices to lure victims to a phishing site, where they were tricked into resetting the account's password and 2FA.
3/3 An example of a phishing email received by X users can be seen below and the emails all follow the same script:
>send fake copyright infringement email
>create a sense of urgency
>trick user into visiting phishing site and resetting 2FA/password
Make sure to limit email… pic.twitter.com/j1SWMTlWW3
— ZachXBT (@zachxbt) December 24, 2024
After gaining control of the accounts, the hacker posted advertisements for the launch of native meme tokens on behalf of each victim, attaching the address of a fraudulent smart contract to collect investments. The proceeds were then laundered through the Solana and Ethereum networks.
In total, the scheme netted the hacker approximately $500,000.
To prevent account theft, ZachXBT recommended using different email addresses for each platform and setting up additional layers of account security.
According to a report by Hacken, in 2024, the Solana network became a hub for fraud due to the meme token boom.
