A threat actor stole approximately $500,000 by targeting Solana coin investors and popular X pages. The hack attacked 15 accounts, including those of Brett, Kick Streaming and Alex Bania, via phishing emails disguised as official Team X communications.
According to a post by blockchain investigator ZachXBT, the attacker tricked users into sending fake copyright infringement notifications that created a sense of urgency, tricking victims into visiting phishing sites. Once on these fraudulent pages, users were tricked into resetting their passwords and two-factor authentication (2FA) information, allowing the hacker to steal their credentials.
Solana users targeted
After taking control of the account, the hacker used the compromised page to promote a new coin, often sharing a contract address and encouraging followers to invest their Solana (SOL). This tactic tricked unsuspecting victims into transferring funds, believing they were investing in a legitimate project.
All account takeovers (ATOs) were traced back to a single deployer address, which was used to run each of the scams. The attacker attempted to hide the origin of the funds by transferring assets between the Solana and Ethereum networks.
Recently, hackers have increasingly targeted X due to its widespread use by projects to promote themselves to users and investors. User X @loo_here joined the discussion and responded to ZachXBT’s thread about the situation.
“This phishing email X is downright nasty. So many people depend on X for their projects, I’m sure they panic and click without thinking, @loo_here wrote.
The user also suggested that X could improve security by adding a code known only to the account holder to verify the legitimacy of emails or implementing other preventive countermeasures.
ZachXBT urged users to avoid reusing email addresses across different services and recommended implementing security keys for 2FA on critical accounts to improve protection.
Cybercriminals target high-profile personalities and brands
In early December, the official X account of the Cardano Foundation was pirateleading to the spread of misleading claims regarding a fake U.S. Securities and Exchange Commission (SEC) lawsuit and the promotion of a fraudulent SOL-related token.
The spread of misinformation caused confusion within the Cardano community and led to a 4% drop in the price of ADA, which fell to $1.18.
In November, a former professional Fortnite player known as Serpent was accused of stealing $3.5 million through coin-op scams that targeted several high-profile brands and artists. Wallet addresses connected to Serpent have played a major role in several meme coin-related pump and dump schemes launched on the Pump.fun platform.
Learn more
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult a qualified financial advisor before making any investment decisions.
Post Views: 38