logo

Decrypting DeFi

Blockchain&Beyond

Coin Quest

NFT Revolution

Futureproofed

  • decrypting defi
  • blockchain&beyond
  • news
  • 30 Dec 24

ZachXBT: Hacker Stole $500K via Phishing Attacks on X

A hacker stole more than $500,000 by compromising over 15 accounts on X, according to on-chain analyst ZachXBT.

  • 68
  • 0
  • 0
nft.eu
  • rating +18
  • subscribers 70

A hacker stole more than $500,000 by compromising over 15 accounts on X, according to on-chain analyst ZachXBT. After gaining access to these accounts, the hacker used them to promote fraudulent meme tokens.

Scale of the Attack

The core of the attack involved fake emails warning users about alleged copyright infringements. These emails created a sense of urgency, prompting recipients to click a link to reset their password and two-factor authentication (2FA). As a result, victims entered their credentials on phony websites under the hacker’s control.

ZachXBT reported that the compromised accounts belonged to both private individuals and organizations, including prominent ones such as Kick, Cursor, Alex Blania and The Arena. It’s estimated that in just one month, the hacker managed to amass around $500,000.

Affected accounts. Source: ZachXBT
Affected accounts. Source: ZachXBT

The analyst noted that all 15 breaches are linked through addresses used to create the fraudulent tokens. The hacker moved funds between Solana and Ethereum to obscure the source of the funds.

Investigations showed the emails followed the same pattern:

  1. Sending a fake “copyright violation” warning
  2. Creating a false sense of urgency
  3. Redirecting the user to a bogus site to reset their password or disable 2FA

These messages were disguised as official correspondence from the X team, enhancing their effectiveness.

How to Protect Yourself

Experts recommend the following precautions:

  • Verify the sender’s address for any emails
  • Avoid clicking suspicious links
  • Use strong passwords and do not disable 2FA
  • Double-check information through official support channels

This is not the first instance in which ZachXBT has exposed schemes involving fraudulent token promotions. Previously, the analyst revealed how a former esports player known as Serpent orchestrated a series of memecoin scams, causing investors to lose $3.5 million. Using hacked accounts belonging to well-known brands and personalities, such as McDonald’s and Usher, Serpent promoted fake tokens. Read more about it at the provided link.

This post is for informational purposes only and is not an ad or investment advice. Please do your own research making any decisions.

  • 68
  • 0
  • 0