Hacker breaches 15 X accounts, nets $500K boosting bogus memecoins
All account takeovers were connected through six deployer addresses used for each memecoin scam. The attacker attempted to obfuscate the funding source by bridging the stolen funds between the Solana and Ethereum networks, ZachXBT said
A threat actor has stolen around $500,000 over the last month from launching memecoin phishing scams on 15 compromised X accounts, according to blockchain investigator ZachXBT.
The perpetrator impersonated the X team and sent fake copyright infringement notices to create a sense of urgency and trick the social media platform’s users into visiting phishing sites, ZachXBT explained in a Dec. 24 X post.
The victims would then unknowingly use the fake site to reset their X account passwords and two-factor authentication (2FA) logins.
With the information, the perpetrator took control of 15 accounts and posted memecoin scams from them — netting around $500,000.
ZachXBT noted that the compromised X accounts were mostly crypto-focused and included Kick, Cursor, The Arena, Brett and Alex Blania.
All account takeovers were connected through six deployer addresses used for each memecoin scam. The attacker attempted to obfuscate the funding source by bridging the stolen funds between the Solana and Ethereum networks, ZachXBT said.
The blockchain sleuth recommended X users limit email address reuse between services and implement 2FA on “important accounts wherever possible.”
The first known incident involved RuneMine’s X account on Nov. 26, with the latest being Kick on Dec. 24.
Many of these X accounts have attracted a large audience with well over 200,000 X followers who are largely memecoin enthusiasts looking to catch the next hot tip.