A malicious actor stole approximately $500,000 over the past month by running memecoin phishing scams on 15 compromised X accounts, according to blockchain investigator ZachXBT.
The perpetrator posed as Team said ZachXBT in a December 24 X article.
Victims then unknowingly used the fake site to reset their X account passwords and two-factor authentication (2FA) logins.
Using this information, the perpetrator took control of the accounts and posted memecoin scams, netting around $500,000.
ZachXBT noted that the compromised X accounts were primarily crypto-focused and included Kick, Cursor, The Arena, Brett, and Alex Blania.
All account takeovers were connected via six deployment addresses used for each memecoin scam. The attacker attempted to conceal the funding source by linking the stolen funds between the Solana and Ethereum networks, ZachXBT said.
The blockchain detective recommended that X users limit the reuse of email addresses across services and implement 2FA on “important accounts wherever possible.”
The first known incident involved RuneMine’s X account on November 26, with the last being Kick on December 24.
Many of these X accounts have a large following, with over 200,000 followers who are primarily memecoin enthusiasts looking to cash in on the next tip.
Many memecoin phishing scams were captioned “Incoming Transmission,” followed by a token announcement and contract address.
Some compromised X accounts, such as crosschain scalability platform Neutron, have acknowledged the incident.
Crypto fraudsters may be looking to make up lost ground this holiday season after phishing losses fell 53% month-over-month in November to $9.3 million.
Around $2.2 billion was stolen by crypto thieves in 2024 following 303 major incidents, blockchain investigation firm Chainalysis reported earlier this month.
The company said it saw a 21% year-over-year increase, with centralized services among the hardest hit.