An individual with malicious intent has managed to pilfer approximately $500,000 in the past month by carrying out memecoin phishing scams on 15 compromised X accounts, as per findings by blockchain investigator ZachXBT.
The perpetrator masqueraded as a part of the X team and dispatched fabricated copyright infringement notices to induce a sense of urgency, thereby deceiving users of the social media platform into visiting phishing websites, as detailed in a post by ZachXBT on December 24.
Unbeknownst to the victims, they would end up utilizing the forged website to reset their X account passwords and two-factor authentication (2FA) logins. Subsequently, armed with this information, the individual seized control of the 15 accounts and executed memecoin scams from them, resulting in an accumulated sum of approximately $500,000.
It was highlighted that the compromised X accounts were primarily centered around cryptocurrencies and encompassed platforms such as Kick, Cursor, The Arena, Brett, and Alex Blania. The account takeovers were interlinked through six deployer addresses employed for each memecoin scam. In an effort to obscure the funding source, the attacker endeavored to transfer the stolen funds between the Solana and Ethereum networks, ZachXBT revealed.
For enhanced security measures, ZachXBT recommended that X users refrain from reusing email addresses across multiple services and opt for 2FA on vital accounts whenever feasible.
The series of incidents commenced with RuneMine’s X account on November 26 and extended up to Kick on December 24. Notably, several of these X accounts command a hefty following, boasting over 200,000 followers who predominantly consist of memecoin enthusiasts eager to seize the next lucrative opportunity.
Numerous memecoin phishing scams bore the caption “Incoming Transmission,” trailed by a token announcement and contract address. Certain compromised X accounts, including the crosschain scalability platform Neutron, have acknowledged the events.
It is plausible that crypto scammers are striving to compensate for previous setbacks during this festive period, particularly following a 53% decline in phishing losses to $9.3 million in November. Chainalysis, a blockchain forensics agency, disclosed that crypto thieves had absconded with a staggering $2.2 billion in 2024 from 303 significant incidents, signifying a 21% surge compared to the previous year, with centralized services enduring severe repercussions.