Blockchain investigator ZachXBT has exposed a sophisticated phishing operation that has managed to compromise over 15 X accounts.
The scheme targeted investors in Solana-based meme coins and has resulted in an estimated loss of $500,000.
Solana Meme Coin Fraud
The Blockchain detective revealed in a December 24 social media post that the operation involved impersonating the X team and leveraging phishing websites to gain unauthorized access to high-profile accounts.
The attackers used fake copyright infringement notices to create a sense of urgency, tricking account holders into visiting phishing websites. These sites prompted users to reset their two-factor authentication (2FA) or passwords.
Once credentials were obtained, the hackers used the compromised accounts to push scams targeting meme coin enthusiasts.
Each compromised account shared a specific contract address tied to fraudulent Solana tokens, urging followers to invest using SOL. Posts often featured the caption “Incoming Transmission,” followed by a token announcement and contract details.
The cybercriminals also attempted to obscure their operations by bridging stolen funds between the Solana and Ethereum networks. However, ZachXBT’s investigation uncovered that all the hacked accounts were linked through six deployer addresses used for the scams.
The scheme exploited the trust and large audiences of crypto-focused accounts, many of which had over 200,000 followers. Prominent ones affected included Kick, Cursor, The Arena, Brett, and Alex Blania, with the first reported incident occurring on November 26 involving RuneMine, while the most recent was Kick on December 24.
Growing Threats to Social Media Platforms
This attack is not an isolated incident but part of a broader social media platform exploitation trend by threat actors. X, a hub for crypto projects and creators, has increasingly been targeted for its prominence within the community.
In a similar investigation in November, ZachXBT exposed several account takeovers on X and Instagram, which fueled pump-and-dump schemes tied to meme coins. Victims reportedly lost over $3.5 million during this spree, which began in August 2024.
The pattern of these attacks remains consistent: accounts are breached, fraudulent tokens are promoted, and the proceeds are funneled into anonymous wallets.
Notable examples include the hacking of Symbiotic’s X account in October, where phishing links disguised as airdrop checklists led to tokens being stolen. EigenLayer’s account was hijacked that month to promote a fake airdrop campaign. Truth Terminal AI founder Andy Ayrey’s account was also used to promote fraudulent meme coins, netting the hacker $1.5 million.
Following the latest incident, the on-chain sleuth has advised users to increase their account security by limiting the reuse of email addresses across services and using security keys for 2FA whenever possible.
Read the full article here