Blockchain investigator ZachXBT revealed a sophisticated phishing operation that successfully compromised more than 15 X accounts.
The scheme targeted investors in Solana-based meme coins and resulted in an estimated loss of $500,000.
Coin Fraud Solana Meme
Blockchain Detective Revealed in December 24 Social Network job that the operation involved impersonating Team X and exploiting phishing websites to gain unauthorized access to high-level accounts.
The attackers used fake copyright infringement notices to create a sense of urgency, tricking account holders into visiting phishing websites. These sites prompted users to reset their two-factor authentication (2FA) or passwords.
Once the credentials were obtained, the hackers used the compromised accounts to run scams targeting coin enthusiasts.
Each compromised account shared a specific contract address linked to fraudulent Solana tokens, directing subscribers to invest using SOL. Posts often included the caption “Transmission Incoming,” followed by a symbolic announcement and contract details.
Cybercriminals too tent to obfuscate their operations by linking stolen funds between the Solana and Ethereum networks. However, ZachXBT’s investigation found that all hacked accounts were linked through six deployment addresses used for the scams.
The system exploited the trust and large following of crypto-focused accounts, many of which had over 200,000 followers. The main ones affected were Kick, Cursor, The Arena, Brett and Alex Blania, with the first reported incident occurring on November 26th involving RuneMine, while the most recent was Kick on December 24th.
Growing threats to social media platforms
This attack is not an isolated incident but is part of a broader trend of exploitation of social media platforms by malicious actors. X, a hub for crypto projects and creators, is increasingly being targeted due to its prominence within the community.
In a similar survey in November, ZachXBT exposed several account takeovers on X and Instagram, which fueled pump-and-dump schemes linked to meme coins. Victims reportedly lost more than $3.5 million during this spree, which began in August 2024.
The pattern of these attacks remains the same: accounts are hacked, fraudulent tokens are promoted, and profits are funneled into anonymous wallets.
Notable examples include the piracy from Symbiotic’s X account in October, where phishing links disguised as airdrop checklists led to token theft. EigenLayer’s account was diverted that month to promote a fake airdrop campaign. Truth Terminal AI founder Andy Ayrey’s account was also used to promote fraudulent coins, netting the hacker $1.5 million.
Following the latest incident, the on-chain sleuth advised users to increase their account security by limiting the reuse of email addresses across services and using security keys for 2FA whenever possible.
Free Binance $600 (CryptoPotato Exclusive): Use this link to create a new account and receive an exclusive $600 welcome offer on Binance (all the details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to sign up and open a FREE $500 position on any coin!