Animoca Brands’ co-founder Yat Siu fell victim to a major cybersecurity breach as his X account was hacked, spreading false information about a non-existent cryptocurrency token. The incident underscores growing concerns over phishing scams targeting high-profile crypto figures.
The Hack and Its Immediate Fallout
The hacked account posted misleading information claiming a token launch on the Solana blockchain. Animoca Brands promptly issued a statement, warning its followers not to interact with the compromised account. “There is no official token or NFT launch from Animoca Brands,” the company clarified.
The statement urged users to remain vigilant, emphasizing that the alleged token promotion was entirely fraudulent. This quick action highlighted the company’s commitment to mitigating the potential impact on unsuspecting users.
A Growing Trend of Phishing Attacks
Crypto investigator ZachXBT, known for his deep dives into scams and phishing schemes, had already sounded the alarm about an increase in such attacks. Over the past month, a single threat actor reportedly stole over $500,000 by taking control of more than 15 prominent X accounts.
Among those affected were high-profile figures like Kick, Cursor, Alex Blania, The Arena, and Brett. The hacker utilized phishing emails that mimicked the official X team to steal account credentials, launching memecoin scams to exploit the followers of compromised accounts.
How the Phishing Works:
- Tactics Used: Victims receive fake copyright infringement notices designed to instill urgency.
- Outcome: Targets are tricked into accessing phishing sites to “reset” two-factor authentication (2FA) or passwords.
- Recommendation: ZachXBT suggests using unique email addresses for different services and enabling security keys for 2FA.
The targeted phishing emails follow a predictable yet effective pattern, making it imperative for users to strengthen their account security.
Linking the Scams: A Common Thread
ZachXBT’s analysis revealed that the scams originating from Yat Siu’s account were connected to earlier incidents. All of them traced back to the same deployer address: “BL1hs3jw58d1S9xw7cKRUx9wXY94se9Ydt7bCgN1W3pL.” This address was also linked to phishing scams targeting Kick and Vanar CEOs.
The investigation revealed how the attacker bridged funds between Solana and Ethereum in an effort to obscure the source of their ill-gotten gains. These details provide crucial insights into the evolving tactics of online fraudsters.
Protecting Yourself from Scams
Crypto users and traders can learn from these incidents and adopt measures to enhance their online security. ZachXBT recommends these practices:
- Use Unique Email Addresses: Assign different emails to each platform or service.
- Enable Security Keys: Implement hardware-based two-factor authentication for critical accounts.
- Stay Vigilant: Be cautious about any communication urging immediate action, particularly concerning passwords or 2FA resets.
The Bigger Picture
This breach is just the latest in a series of attacks targeting the cryptocurrency community. The industry’s rapid growth has made it a lucrative target for scammers, particularly through platforms like X, where public figures engage directly with their followers.
The fallout from Yat Siu’s account hack serves as a reminder of the need for constant vigilance and robust cybersecurity measures in the digital asset space.