Coordinated Hacks Target Solana Meme Coin Investors
Blockchain investigator ZachXBT has exposed a sophisticated scam operation that has stolen over $500,000 through coordinated hacks on X accounts. These attacks, targeting Solana meme coin investors, began on November 26 and involve phishing schemes and fraudulent promotions.
Details of the Crypto Phishing Campaign
According to ZachXBT, more than 15 X accounts, including high-profile profiles like Kick, Cursor, Alex Blania, The Arena, and Brett, were compromised. The attackers impersonated the X team, sending phishing emails that appeared to address fake copyright infringement issues, creating a false sense of urgency.
Victims were directed to phishing websites where they were prompted to reset their two-factor authentication (2FA) or account passwords. Once the attackers gained access, the hacked accounts were used to promote fake Solana-based meme coins. Each account shared a fraudulent contract address and encouraged followers to invest using SOL, tricking victims into transferring funds.
Tracing the Scammers’ Activities
The investigation linked all 15 account takeovers (ATOs) to a single threat actor. The scammer attempted to obscure their activities by bridging funds between Solana and Ethereum. Despite these efforts, blockchain analysis traced the deployer address used for the fraudulent activities.
Key Security Recommendations
To avoid falling victim to such attacks, users should:
- Refrain from reusing email addresses across services.
- Implement physical security keys for 2FA on critical accounts.
- Remain cautious of urgent communications claiming to be from trusted platforms.
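The lure described above (mail posing as the X team, a copyright complaint, time pressure, and a link to a credential or 2FA reset page) can be triaged mechanically. The following Python sketch is an added example, not code from ZachXBT or X; the trusted-domain allowlist, the keyword patterns, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains accepted as genuinely X-operated; replace with your own allowlist.
TRUSTED = {"x.com", "twitter.com"}
BRAND = re.compile(r"\b(x|twitter)\b", re.I)
LURE = re.compile(r"copyright|infring", re.I)
URGENCY = re.compile(r"within \d+ hours|immediately|suspend|urgent", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_trusted(host):
    """Exact match or true subdomain only, so x.com.evil.example and notx.com fail."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return the list of phishing signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signals = []
    if BRAND.search(display) and not is_trusted(addr.rpartition("@")[2]):
        signals.append("sender_mismatch")
    if LURE.search(text):
        signals.append("copyright_lure")
    if URGENCY.search(text):
        signals.append("urgency")
    for url in URL.findall(text):
        host = urlparse(url).hostname  # ignores any user@ prefix in the URL
        if not is_trusted(host):
            signals.append(f"untrusted_link:{host}")
    return signals

# Constructed sample messages (not taken from the campaign).
PHISH = """\
From: "X Support" <notice@x-copyright-appeals.example>
Subject: Copyright infringement notice for your account

Your account will be suspended within 24 hours unless you reset your
password and 2FA here: https://x.com.appeals-review.example/reset
"""
BENIGN = """\
From: "X" <notify@x.com>
Subject: New login to your account

Review your sessions at https://x.com/settings/security
"""

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(BENIGN))
```

The From header is trivially forgeable, so these signals complement SPF, DKIM and DMARC results rather than replace them.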
Rising Threats to X Accounts
X, formerly known as Twitter, has become a focal point for creators and projects, especially after Elon Musk’s acquisition emphasizing free speech and monetization. However, this popularity has attracted cybercriminals who exploit the platform to spread phishing links and execute scams.
High-Profile X Account Hacks
Recent months have seen a surge in attacks on X accounts:
- On December 8, the Cardano Foundation’s X account was hacked to promote a fake “ADAsol” token, falsely claiming the Foundation would stop supporting ADA. This scam generated $500,000 in trading volume before the token’s value crashed by 99%.
- In October, Symbiotic’s X account was compromised, with phishing links disguised as airdrop checklists used to steal tokens. EigenLayer, a restaking protocol, also faced a similar attack with a fake airdrop campaign.
- On October 29, Truth Terminal AI founder Andy Ayrey’s account was hijacked to promote fraudulent meme coins, netting $1.5 million for the hacker.
- In November, rapper Wiz Khalifa’s X account was exploited to promote a fake meme coin named WIZ. ZachXBT linked this attack to the same hacker behind Ayrey’s account compromise.
Conclusion
As these attacks grow in sophistication, users must stay vigilant. Platforms like X, with their vast reach, have become prime targets for cybercriminals employing urgency-driven scams and phishing schemes. Strengthening account security and spreading awareness are crucial to combating these threats.