In his recent research, On chai investigator ZachXbt revealed an elaborate phishing attack that saw a bad actor make approximately $500,000 over the past month after attacking more than 15 high-profile X accounts , including Kick, Cursor, Alex Blania, The Arena, Brett and others. The accounts were used to control meme coin scams by obtaining phishing email IDs.
A phishing system revealed
As for this heist, the hackers impersonated official Team X emails and faked copyright infringement to ensure that targets immediately rushed to purchase the meme coins. People were lured into fake pages where they were redirected to provide new access codes for their accounts, including two-factor authentication (2FA).
Once the accounts were compromised, the attacker launched into coin scams, correlating all 15 ATOs through a single shared deployment address. The funds stolen in these scams were then transferred via the Solana-Ethereum blockchain to make it more difficult for law enforcement to trace the assets.
Safety Recommendations
ZachXBT encouraged users to rush into account strengthening to minimize these risks. Key recommendations include:
- Avoid email reuse: Don’t use a single email address for different services.
- Implement strong 2FA: use it instead of the 2FA SMS code for important accounts, using a security key instead.
- Verify communications: Confirm the authenticity of all emails, especially those on behalf of official forums.
It is important that the crypto community remains vigilant and continues to fight to stop such activities from fraudsters. In particular, this fits well with the current state of affairs in security, with a strong defense being the only effective means against ever-increasing cyber threats.
Never miss a beat in the crypto world!
Stay ahead of the curve with breaking news, expert analysis and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs and more.