$500K Heist: Hacker Exploits 15 X Accounts in Shocking Memecoin Scam

A hacker exploited 15 compromised X accounts to steal approximately $500,000 through phishing scams involving memecoins, as reported by blockchain investigator ZachXBT on Dec. 24.

The attacker deceived users by impersonating X’s team and sending fake copyright infringement notices, prompting victims to visit fraudulent websites where they unknowingly reset their X account credentials and two-factor authentication (2FA) details.

1/3 A threat actor has stolen ~$500K over the past month by compromising 15+ X accounts (Kick, Cursor, Alex Blania, The Arena, Brett, etc) from sending targeted phishing emails which impersonated the X team to steal credentials and then launch meme coin scams. pic.twitter.com/HEWQdVICgJ

— ZachXBT (@zachxbt) December 24, 2024

The hacked accounts, many with large followings exceeding 200,000, were predominantly crypto-focused, including Kick, Cursor, and Alex Blania.

Once compromised, these accounts were used to promote scam memecoins, allowing the hacker to amass significant profits.

ZachXBT traced the scams to six deployer addresses used to obscure the stolen funds by bridging them between the Solana and Ethereum networks.

The attacks began on Nov. 26 with RuneMine’s account and continued through Dec. 24.

ZachXBT advised users to avoid reusing email addresses across platforms and to enable 2FA for critical accounts.

The broader context highlights a surge in crypto scams during the holiday season.

Blockchain forensics firm Chainalysis reported $2.2 billion in crypto thefts across 303 major incidents in 2024, marking a 21% increase from the previous year, with centralized services being heavily targeted.

About The Author