The scheme employed fabricated copyright infringement notices to deceive users into visiting fraudulent websites and resetting their 2FA or passwords.
ZachXBT, a blockchain investigator, has identified a sophisticated fraud operation that has successfully compromised more than 15 X accounts.
The scheme targeted investors in Solana-based meme coins and has led to an estimated loss of $500,000.
In a social media post on December 24, the blockchain detective disclosed that the operation involved the impersonation of the X team and the use of fraudulent websites to obtain unauthorized access to high-profile accounts.
The attackers employed fabricated copyright infringement notices to induce a sense of urgency, thereby deceiving account holders into visiting fraudulent websites. These sites requested that users reset their passwords or two-factor authentication (2FA).
After acquiring the necessary credentials, the hackers used the compromised accounts to promote scams that targeted meme coin enthusiasts.
Each compromised account shared a specific contract address that was associated with fraudulent Solana tokens, encouraging followers to invest using SOL. Subsequent to a token announcement and contract details, posts frequently included the caption “Incoming Transmission.”
The cybercriminals also tried to conceal their operations by bridging stolen funds between the Solana and Ethereum networks. Nevertheless, ZachXBT’s investigation revealed that the six deployer addresses utilized in the schemes were the common thread connecting all of the compromised accounts.
The scheme capitalized on the trust and substantial audiences of crypto-focused accounts, with a significant number of these accounts boasting over 200,000 followers. Kick, Cursor, The Arena, Brett, and Alex Blania were among the most notable accounts affected. The first reported incident occurred on November 26, involving RuneMine, and the most recent was Kick on December 24.
This attack is not an isolated incident; rather, it is part of a broader trend of threat actors exploiting social media platforms. The prominence of X, a center for crypto initiatives and creators, has been the subject of increasing scrutiny within the community.
In November, ZachXBT conducted a comparable investigation that revealed numerous account takeovers on Instagram and X, which were fueling pump-and-dump schemes associated with meme coins. According to reports, the rampage, which commenced in August 2024, resulted in the loss of more than $3.5 million for the victims.