Last updated:
Ad Disclosure
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
Blockchain investigator ZachXBT revealed on December 24 that over 15 X accounts have been hacked in a coordinated scam targeting Solana meme coin investors. The attacks have allowed scammers to steal an estimated $500,000.
ZachXBT Uncovers Crypto Phishing Campaign: How Scammers Steal Over $500K From X Accounts
ZachXBT showed that these incidents, which began on November 26, are part of a larger scheme by an unknown hacker or group. Over 15 breaches have been linked to this operation.
The accounts targeted include Kick, Cursor, Alex Blania, The Arena, and Brett. The attacker accessed these accounts by impersonating the X team in a phishing campaign.
The phishing emails were designed to look like official communication from X. They claimed to address fake copyright infringement issues, creating a sense of urgency.
Victims were tricked into visiting a phishing website where they were prompted to reset their two-factor authentication (2FA) or password. Once credentials were obtained, the attacker used the compromised accounts to promote meme coin scams.
Once compromised, the accounts were used to promote fake Solana-based tokens. Each hacked account shared a contract address and urged followers to invest using SOL, tricking unsuspecting victims into transferring funds.
Tracing the deployer address associated with the scams has linked each of the 15 account takeovers (ATOs).
The attacker attempted to hide their funding sources by bridging funds between Solana and Ethereum. Despite these efforts, investigators connected the activities to a single threat actor.
To protect against such attacks, users are advised to avoid reusing email addresses across services. Security experts also recommend using physical security keys for 2FA on critical accounts whenever possible.
X Accounts Under Attack: Symbiotic, EigenLayer, and Truth Terminal Fall Victim to Hacks
X, formerly known as Twitter, has become a hub for projects and creators, especially after Elon Musk’s acquisition, which emphasized free speech and creator monetization.
However, its growing prominence has also attracted cybercriminals who exploit the platform to spread phishing links and target creators with scams.
On December 8, the Cardano Foundation’s X account was hacked. The attacker promoted a fake “ADAsol” token and falsely claimed the Foundation would stop supporting ADA.
The scam generated $500,000 in trading volume before the token’s value plummeted by 99%.
Cardano founder Charles Hoskinson confirmed the breach but warned of the increasing threat to social media accounts.
This incident is one of many recent hacks targeting X accounts.
In October, Symbiotic’s X account was compromised, and the attacker posted phishing links disguised as airdrop checklists, leading to stolen tokens. EigenLayer, another restaking protocol, faced a similar hack with a fake airdrop campaign.
On Oct. 29, Truth Terminal AI founder Andy Ayrey’s account was hijacked to promote fraudulent meme coins, resulting in $1.5 million in profits for the hacker.
In November, rapper Wiz Khalifa’s X account was used to shill a fake meme coin called WIZ. Blockchain investigator ZachXBT linked this hacker to Ayrey’s account compromise.
These cyberattacks are growing in sophistication, especially on X, which targets its users with urgency-driven scams and phishing schemes.