The X (formerly Twitter) account associated with American rapper Nelly recently experienced a security breach and was used to spread a crypto phishing scam.
The hacker altered the rapper’s account details, pretending to be a security analyst for a legitimate online security platform, Scam Sniffer. The misleading bio read: “On-chain security analyst. Helping you catch scammers @realscamsniffer.”
Shortly after, the account became inaccessible, leading to speculation that it was deleted or removed for security reasons.
The attackers strategy was to lure X users to a crypto phishing site that attempted to compromise their funds.
This involved sending messages to users, according to on-chain investigator ZachXBT. The messages falsely claim a necessity to investigate suspicious activities on their crypto wallets, ultimately attempting to trick them into divulging sensitive information.
ZackXBT said on messaging app Telegram: “They are currently messaging people in an attempt to social engineer them into using a phishing site.”
Scam Sniffer issued a warning on X in response, urging users to verify they were interacting with the company’s genuine site, emphasizing the correct domain as “scamsniffer.io.”
“@NellioETH is compromised and pretending to be a member of ScamSniffer. They are trying to message people in an attempt to social engineer them into using a phishing site,” Scam Sniffer stated on X
It is not clear at the time of writing if any funds have been stolen via this scam.
Crypto phishing scams on X
The method employed by the hacker is known as phishing, a scamming technique where the attacker pretends to be a trustworthy entity, convincing victims to hand over confidential information, often leading to unauthorised access to financial accounts. Within the crypto context, this could involve the private keys needed to access cryptocurrency wallets.
This year there have been various significant crypto phishing scams on X, many involving high-profile accounts.
During an incident in September, Ethereum ($ETH) co-founder Vitalik Buterin’s Twitter account was hacked. The scammer posted a fraudulent announcement about a free non-fungible token (NFT) giveaway, targeting millions of Buterin’s followers.
Although the tweet was live for only 20 minutes before being identified as a scam and removed, the damage was significant.
According to ZachXBT, the hackers managed to steal around $691,000 worth of crypto. They were also able to sell off valuable NFTs, including a rare CryptoPunk, pocketing over $200,000.
Subsequent transactions in the hackers’ wallets indicated they had obtained 300 ETH, equivalent to about $468,000.
In another example this year, eight X accounts were hacked in June that belonged to key figures in the cryptocurrency industry and were used to spread similar phishing scams.
Victims of these hacks included Pudgy Penguins’ creator Cole Villemain, musician and NFT enthusiast Steve Aoki, and Bitcoin Magazine’s editor, Pete Rizzo.
The hackers’ coordinated and sophisticated operation led to the theft of nearly $1m in cryptocurrencies.