High-profile verified accounts on X (formerly Twitter) are being hacked by cyber criminals to advertise cryptocurrency scams.
The hackers appear to be targeting accounts with gold or grey verification, which represent official organisations and government officials or agencies, respectively.
There have been several reported cases of these accounts being compromised, with the account of cyber threat intelligence firm Mandiant being one of the most notable.
After taking control of the Mandiant account, the hijacker renamed the account to @phantomsolw in an effort to impersonate the Phantom crypto wallet.
Once the account was renamed, the hackers wasted no time posting about a “promotion” in which users of the wallet could claim free $PHNTM tokens.
As seen by BleepingComputer, those without the wallet installed are redirected to the legitimate site to download it. However, once the wallet is installed, those who clicked the link for the promotion will have their wallets drained.
Phantom said it had blocked the link to prevent further theft and added a pop-up warning users that the wallet had been used as part of a phishing scam.
“Phantom believes this website is malicious and unsafe to use. We have disabled the ability to interact with it in order to protect you and your funds,” said the pop-up.
Additionally, Mandiant told BleepingComputer that it was aware of the hijacking and had taken steps to fix it.
“We are aware of the incident impacting the Mandiant X account and are working to resolve the issue,” it said.
Despite this, it appears that the hacker still has control of the Mandiant account but has given up the ploy of a legitimate promotion and has instead moved towards trolling Mandiant.
“Sorry, change password please,” said one post.
“Check bookmarks when you get account back.”
Following the Mandiant account takeover, a number of other accounts have been targeted in the same way, as tracked by MalwareHunterTeam.
These include the accounts of Brazilian politician Ubiratan Sanderson, Canadian senator Amina Gerba, and a non-profit called The Green Grid.
The account of Amina Gerba, a senator in the Canadian Senate got pwned, renamed & being used to spread scam. And as she is a senator, the account has a gray checkmark. 🤷‍♂️
The actors are using it to fake as the "LFG" project that not even have a blue checkmark on their account. 😂 pic.twitter.com/keeyUPyggz
— MalwareHunterTeam (@malwrhunterteam) January 2, 2024