Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesEarnWeb3SquareMore
Trade
Spot
Buy and sell crypto with ease
Margin
Amplify your capital and maximize fund efficiency
Onchain
Going Onchain, without going Onchain!
Convert & block trade
Convert crypto with one click and zero fees
Explore
Launchhub
Gain the edge early and start winning
Copy
Copy elite trader with one click
Bots
Simple, fast, and reliable AI trading bot
Trade
USDT-M Futures
Futures settled in USDT
USDC-M Futures
Futures settled in USDC
Coin-M Futures
Futures settled in cryptocurrencies
Explore
Futures guide
A beginner-to-advanced journey in futures trading
Futures promotions
Generous rewards await
Overview
A variety of products to grow your assets
Simple Earn
Deposit and withdraw anytime to earn flexible returns with zero risk
On-chain Earn
Earn profits daily without risking principal
Structured Earn
Robust financial innovation to navigate market swings
VIP and Wealth Management
Premium services for smart wealth management
Loans
Flexible borrowing with high fund security

Crypto X (Twitter) account hacks on the rise: A deep dive into hacker scams

Crypto trends
Crypto X (Twitter) account hacks on the rise: A deep dive into hacker scams
In recent months, an increasing number of crypto projects, industry professionals, politicians, and celebrities have had their social media accounts hacked and used to spread scam messages. Some Bitget employees have also fallen victim to similar phishing attacks. After regaining access to their accounts, we conducted a thorough investigation and discovered that attackers are employing increasingly deceptive and hard-to-detect methods. This article aims to raise industry-wide awareness of these evolving security threats.

A Bitget employee targeted by phishing

In mid-May, a Bitget business development employee received a private message on X from someone posing as a potential partner, inviting him to discuss a collaboration. The two parties quickly scheduled a meeting, which proceeded as planned. During the call, the other party sent several installation files, claiming they were for "function testing", and encouraged the Bitget employee to run them.
In the following days, the employee began receiving messages from friends and industry contacts asking, "Did you send me a weird DM on X?" Realizing something was wrong, he promptly contacted Bitget's security team. Working together, they were able to recover the account using the linked email and other verification methods.

How hackers target crypto X accounts and profit from them

As we continued our security review, we uncovered the hacker's methods step by step, and how they turned these attacks into profit.
Step 1: The hacker uses a compromised account to send DMs, luring victims into a Telegram conversation under the pretense of a partnership.
❗Security tips:
  1. These private messages may not always come from suspicious burner accounts — some may even be sent from verified profiles. However, the scam messages are not actually sent by the legitimate team.
  2. The hacker has quietly gained control of the official account and then directed the victim to Telegram to continue the scam.
  3. The messages are often deleted immediately after being sent, so the original account owner may not notice anything unusual, even if hundreds of messages have been sent.
Step 2: After the victim contacts the hacker on Telegram, the hacker proposes a video meeting and shares a file during the call.
❗Security tips:
  1. The hacker often disguises their Telegram account as a real employee, using information from platforms like LinkedIn. The account ID may closely mimic that of a real employee — for example, by mixing up an 'I' (capital i) and an 'l' (lowercase L), which can look nearly identical.
  2. The shared file contains malicious code designed to trick the victim into installing it. Once installed, it can give the hacker access to the victim's computer and enable the theft of social media accounts, as well as crypto or fiat assets.
Step 3: After gaining access to the victim's device, the hacker attempts to steal assets directly. Then, they use the victim's X and Telegram accounts to target more victims, sending scam messages that direct recipients to the same hacker-controlled Telegram account.
❗Security tips:
  1. As mentioned earlier, these scam messages are often deleted immediately after being sent, so the account owner may not realize their account has been compromised.
  2. This explains why scam messages may appear from verified accounts, yet no action is taken — because the real owners are still unaware of the breach.
Step 4: Once the next victim engages with the hacker on Telegram, the scam is tailored based on the hacker's assumed identity.
❗Security tips:
  1. If a hacker disguises themselves as an exchange employee, they typically lure the victim into transferring funds under the pretense of a token listing partnership.
  2. If they impersonate a project team member, they'll often pitch an "early investment opportunity" to convince the victim to transfer funds.
  3. If they claim to represent an investment firm, they may frame it as a funding round or collaboration.
  4. If the impersonated identity doesn't directly generate financial gain, the hacker may use it as a springboard — tricking the victim's contacts into installing malware, thereby compromising their accounts and expanding the scam network.

Summary

The methods described in this article still revolve around a familiar core tactic: planting trojans through malicious file downloads to gain control of a victim's device. What's new, however, is how much more sophisticated and deceptive the tactics have become:
  1. Hackers now use compromised, verified X accounts to send DMs, significantly increasing credibility and the scam's success rate.
  2. Messages are deleted immediately after being sent, so account owners often remain unaware of any breach. This allows hackers to operate undetected for longer. In the past, hackers would post scam tweets right away — such as fake giveaways or links to scam tokens — which, while effective for quick returns, also alerted the account owner and the public much faster.
  3. The Telegram accounts used to continue the scam are carefully spoofed, often with usernames and profiles that closely mimic those of real team members.

How to identify and prevent similar phishing attacks

  1. Be wary of "official" invitations. Always verify the sender's identity through multiple channels. If it's someone you know, check whether your previous chat history is still intact before continuing the conversation.
  2. Never download or open files sent by unknown parties. If you need to install meeting tools like Zoom or Teams, always download them directly from the official website. This is crucial.
  3. During meetings, only allow access to your camera and microphone. Never grant additional permissions that could enable remote access to your device.
  4. Never leave your computer unattended during a call. If you must step away, have someone else monitor the screen to prevent hackers from accessing your device while you're away.
  5. Do not back up your seed phrases on your computer or mobile phone. Enable multi-factor authentication (MFA) wherever possible.
  6. For any device that manages funds, use an iPhone updated to the latest version, enable Lockdown Mode, and avoid using it for external communication. Keep it separate from your work and social devices.

Account compromised? Act fast to minimize losses

Even the best security practices aren't foolproof. If your account is hacked, how quickly you respond can make all the difference.
  1. Disconnect your computer from the internet and shut it down to immediately cut off the hacker's access.
  2. Check your fund security and wallet authorizations. If your local wallet (e.g., browser extensions or private key storage) has been exposed, transfer assets to a brand-new wallet using a newly generated private key. Do not reuse the same seed phrase.
  3. Try recovering the account using another device or email. If you're still logged in somewhere, quickly use your linked email or phone number to reset your password and log out of all other sessions. Once your account is retrieved, immediately revoke all third-party login permissions to prevent hackers from continuing to manipulate your account.
  4. Notify and alert your contacts. Warn others not to trust any recent DMs from you, and report the compromised account to help prevent a wider chain of victims.
The above cases are not isolated cases, but challenges that every user in the entire crypto industry may face. At Bitget, we not only build protection mechanisms, but also hope to work with you to truly turn "security awareness" into ability. Bitget's "Anti-Scam Month" is currently underway, and we have launched a series of anti-scam content and interactive activities. Welcome to the activity page. Let's improve our ability to identify fraud and guard the security boundary together.
larkLogo2025-06-19
How to buy BTCBitget lists BTC – Buy or sell BTC quickly on Bitget!
Trade now
Recommended
We offer all of your favorite coins!
Buy, hold, and sell popular cryptocurrencies such as BTC, ETH, SOL, DOGE, SHIB, PEPE, the list goes on. Register and trade to receive a 6200 USDT new user gift package!
Trade now