A hacker has stolen approximately $500,000 through memecoin phishing scams by breaching 15 crypto-focused X accounts, according to blockchain investigator ZachXBT. The attacker impersonated the X team and sent out fake copyright infringement notices to create urgency, leading users to phishing sites. Victims unintentionally reset their account passwords and two-factor authentication (2FA) credentials on these fraudulent sites. With the stolen information, the hacker took control of various accounts, including high-profile ones like Kick and Cursor, to promote memecoins. The breach began with RuneMine's account on November 26 and continued until December 24, involving accounts with significant followings. To mask the source of funds, the hacker bridged stolen assets between Solana and Ethereum. ZachXBT advised X users to limit email reuse and implement 2FA on important accounts to enhance security. The rise in phishing scams during the holiday season follows a reported $9.3 million loss in November due to similar attacks.

Source 🔗