Share this article on:
Hackers are continuing to hijack X (formerly Twitter) accounts to promote crypto scams, with the latest accounts to be affected belonging to Netgear and Hyundai Middle East and Africa (MEA).
The two accounts have a combined audience of over 160,000 followers, and both impersonate different crypto applications.
Signs that Netgear’s account had been hijacked appeared on 6 January, when it began replying to tweets by BRCapp, a mobile application for bitcoin.
It also made a number of posts on the same day, pushing a deal in which the first 1,000 people to sign up would receive $100,000.
“Registration for BRC Launchpad is already open,” the post said.
“First $100,000 IDO Goes Live, don’t miss your chance.”
The second post said that there were only 892 slots left.
Instead of an easy six-figure boost, those who fell for the trap instead had their NFTs and crypto stolen.
Hyundai MEA faced similar issues, with its X account being renamed in an effort to disguise itself as the Binance Labs-backed Overworld “cross-platform RPG”.
This is not a rare occurrence for Overworld, which has posted on its X account warning users to be cautious regarding links that may impersonate the game.
— OVERWORLD (@OverworldPlay) January 8, 2024
It appears Hyundai MEA is back in control of its account and has deleted all instances of scam posts. Netgear has also cleared its posts; however, a search through its replies still uncovers posts and replies made by the account regarding the scam.
Both accounts are without profile pictures and have cleared a large number of posts.
The two accounts are just the latest to suffer hijackings at the hands of crypto scammers, with cyber security firm Mandiant, among others, observed as a victim earlier this month.
After taking control of the Mandiant account, the hijacker renamed the account to @phantomsolw in an effort to impersonate the Phantom crypto wallet.
Once changed, the hackers spared no time posting about a “promotion” in which wallet users could claim free $PHNTM tokens.
Those without the wallet installed, as seen by BleepingComputer, are redirected to the legitimate site to download the wallet. However, once installed, those who click the link for the promotion will have their wallets drained.
Phantom said it had blocked the link to prevent further theft and added a pop-up warning users that the wallet had been used as part of a phishing scam.
“Phantom believes this website is malicious and unsafe to use. We have disabled the ability to interact with it in order to protect you and your funds,” said the pop-up.
“We are aware of the incident impacting the Mandiant X account and are working to resolve the issue,” it said.
Despite this, it appears that the hacker still has control of the Mandiant account but has given up the ploy of a legitimate promotion and has instead moved towards trolling Mandiant.
“Sorry, change password please,” said one post.
“Check bookmarks when you get account back.”