Blockchain researcher ZachXBT has exposed a sophisticated phishing operation that managed to compromise over 15 X accounts.
The scheme targeted investors in Solana-based meme coins and has resulted in an estimated loss of $500,000.
Solana Meme Coin Fraud
The blockchain detective revealed in a December 24 post on social media that the operation involved impersonating the X team and leveraging phishing websites to gain unauthorized access to high-profile accounts.
Attackers used fake copyright infringement notices to create a sense of urgency, tricking account holders into visiting phishing websites. These sites asked users to reset two-factor authentication (2FA) or passwords.
Once the credentials were obtained, hackers used the compromised accounts to push scams targeting meme coin enthusiasts.
Each compromised account shared a specific contract address linked to fraudulent Solana tokens, urging followers to invest with SOL. The posts often featured the headline “Incoming Broadcast”, followed by a testimonial announcement and details of the contract.
Cybercriminals also tried to obfuscate their operations by pooling the stolen funds between the Solana and Ethereum networks. However, ZachXBT’s investigation found that all hacked accounts were linked through six deployment addresses used for the scams.
The scheme took advantage of the trust and large audiences of crypto-focused accounts, many of which had more than 200,000 followers. The most prominently affected were Kick, Cursor, The Arena, Brett and Alex Blania. The first incident was reported on November 26 with RuneMine, while the most recent was Kick on December 24.
Growing threats on social media platforms
This attack is not an isolated incident, but is part of a wider trend of exploitation of social media platforms by threat actors. X, a hub for crypto projects and creators, has been increasingly targeted for its prominence within the community.
In a similar investigation in November, ZachXBT exposed multiple account takeovers on X and Instagram, which fueled pump-and-dump schemes linked to meme coins. Victims reportedly lost more than $3.5 million during this spree, which began in August 2024.
The pattern of these attacks remains consistent: accounts are breached, fraudulent tokens are promoted, and proceeds are funneled into anonymous wallets.
Notable examples include the hack of Symbiotic’s X account in October, where phishing links disguised as airdrop checklists led to the theft of tokens. EigenLayer’s account was hijacked that month to promote a fake airdrop campaign. Truth Terminal AI founder Andy Ayrey’s account was also used to promote fraudulent meme coins, netting the hacker $1.5 million.
Following the latest incident, the on-chain detective has advised users to increase their account security by limiting reuse of email addresses between services and using security keys for 2FA whenever possible.