A hacker has been utilizing a misleading technique to achieve management of high-profile accounts on X, the social media platform, and is utilizing them to push a pretend memecoin.
ZachXBT, a blockchain investigator, uncovered the scheme after monitoring a sequence of phishing assaults concentrating on key accounts.
The attacker initiated the assault by sending fraudulent emails that appeared to return from the X group, falsely notifying the customers of coverage violations.
These emails had been crafted to generate urgency, pushing recipients to click on on a malicious hyperlink that led them to a phishing web site designed to steal login credentials. By this technique, the hacker managed to hijack 15+ accounts, together with well-known names like Kick, Cursor, and Alex Blania, and stole roughly $500,000 within the course of.
As soon as the accounts had been compromised, the attacker locked the customers out, altered safety settings, and gained management of the posts. Utilizing these accounts, they shared hyperlinks selling a rip-off token to unsuspecting followers. In an effort to cowl their tracks, the hacker additionally moved funds throughout Solana and Ethereum blockchains, making it more durable to hint the stolen cash.
ZachXBT urges customers to undertake stronger safety practices, equivalent to limiting e mail reuse between platforms and enabling 2FA with {hardware} safety keys on necessary accounts to stop future assaults.