Users have been warned to remain vigilant following an incident in which hackers compromised the Yat Siu X account and promoted fake Solana tokens and contracts under the ruse that “Animoca Brands issuing new coins.”
According to an X post by Web 3 platform Animoca Brands, the Yat Siu X account was compromised in an apparent Solana scam where messages promoting a fictitious token on Solana’s Pump. fun platform. The post, which had been deleted by the time of writing, promoted a fake token dubbed Animoca Brands (MOCA), imitating the firm’s name and its affiliated NFT collection.
The Suspect Wallet Address Has Been Used in Previous Hacking Attacks
The incident caught the attention of blockchain investigator ZachXBT, who stated there had been a surge of attacks targeting the X accounts of important personalities within the crypto space. According to the on-chain sleuth, the latest Solana scam was a phishing attack most likely perpetuated by the same group that is suspected to have stolen a whopping $500,000 from crypto users during the last month alone.
ZachXBT revealed that the fictitious MOCA token achieved a peak market cap of $36,700 before dropping to $7,700 soon thereafter. By the time of writing, its value had further dropped to $6,200, with all activity surrounding its trade volume all but drying up. The blockchain investigator further linked the fake MOCA token to a wallet address that had been deployed in similar frauds involving other hacked X accounts.
At Least 15 X Accounts Breached in One Month
Following the incident, the social media site’s administrators suspended the Yat Siu X account before restoring it soon after. The fraudster responsible for hacking the Yat Siu X account cleverly timed their activity to coincide with the company’s latest promotion of the MOCA coin, which last week surged 200% before dropping 35% to trade at $0.35.
ZachXBT revealed that the shady group responsible for the Solana scam had recently targeted at least 15 other X accounts by impersonating their support teams and sending counterfeit copyright infringement notices to their victims. The attackers directed users to phishing sites and asked them to reset their credentials, including their two-factor authentication details, thereby handing over the control of their X accounts to the hackers.
Criminals Take Advantage of the Growing Prominence of Crypto on X
The Solana Scam targeting the Yat Siu X account joins a growing list of hacking incidents that started on November 26 when Bitcoin infrastructure provider RuneMine had their X account targeted before reaching crypto video trading video streaming provider Kick on December 24. The hackers’ audacity to target big players within the crypto and Web3 spaces highlights the fact that no one is safe from social engineering attacks.
Lately, there has been a wave of phishing attacks, with cybercriminals taking advantage of the growing prominence of crypto and Web3 projects on the X platform.
For example, the same hackers who compromised the Yat Siu X platform are suspected to have attacked the Cardano Foundation’s X account, where they promoted a fictitious “ADAsol” token stating that the foundation would stop supporting ADA. Cardano Foundation Chairman Charles Hoskinson confirmed the breach and revealed the scam had generated over $500,000 in trade volume before it was discovered.
Conclusion
While Animoca Brands has clarified it didn’t launch any NFT or official token, blockchain security investigator ZachXBT wonders why the Web3 platform never employed heightened security measures that could have prevented the hacking of the Yat Siu X account. Contrary to what the perpetrator of the Solana Scam said in their post, the token launch was not only fictitious but had users in harm’s way, seeing that the imposter used 2FA to secure the X account. ZachXBT has advised crypto users to remain cautious and avoid interacting with any suspicious accounts when asked for personal account details.
Frequently Asked Questions (FAQs)
What are phishing attacks, and how do they work?
Phishing attacks involve hackers tricking people into sharing sensitive information like private keys and passwords. When asking for information, hackers impersonate trustworthy entities, which they use to steal their assets.
Can you spot a phishing attack?
You can easily identify phishing attacks by looking out for signs like suspicious email addresses, generic greetings, spelling errors, urgent language, unexpected attachments, and links that don’t match domains.
What should you do when you receive a phishing email?
The best way to stay safe from phishing emails is to avoid clicking on suspicious links, providing personal information, or downloading attachments. Always verify the sender’s identity when in doubt.
