How hackers use fake X links to steal crypto, and how to spot them

How fake X links work

Hackers typically hijack trusted accounts or create fake ones to put up phishing links that look reputable.

In case you use X recurrently, you’ve in all probability seen a giveaway put up or a “limited-time airdrop” link that appears to come from a trusted supply. That is precisely what scammers depend on. They both break into verified accounts or impersonate big names in crypto. Then they publish posts urging you to click on a hyperlink and join your wallet.

On Might 29, an X person alerted the group a couple of fake $SONIC airdrop announcement circulating on the platform, urging others not to click on on any associated links and to keep vigilant in opposition to phishing makes an attempt.

Fake airdrop announcement link on X

What occurs subsequent is dependent upon the rip-off. Some links lead to fake pockets login pages designed to steal your credentials. Others immediate you to approve a smart contract, which supplies the attacker entry to your funds. These scams are getting extra polished, typically mimicking actual web sites with convincing designs and near-identical URLs.

@zksync X account got compromised in May 2025

Why crypto is a first-rate goal

Crypto transactions are quick, irreversible and typically nameless, making them excellent for scammers. As soon as a transaction is confirmed on the blockchain, there’s no getting it again. That makes crypto particularly enticing to hackers. Many customers additionally retailer their funds in sizzling wallets linked to browsers or apps, that are extra susceptible to phishing attempts.

$LOUD token scam

Add to that the rising reputation of NFTs and DeFi projects and there may be extra chance for assaults. Approving the incorrect contract, even as soon as, may be all it takes to lose the whole lot in your pockets.

Do you know? In March 2025, the official X accounts of each the NBA and NASCAR had been hacked, sending fake messages to thousands and thousands of their followers. These messages falsely introduced the launch of their very own cryptocurrencies, $NBA coin and $NASCAR coin.

Actual-world examples of crypto scams by way of fake X links

These aren’t hypothetical. Hackers have already pulled off some high-profile assaults utilizing fake X links.

1. WIRED journalist’s X account hijacked (Might 2025)

In Might 2025, a WIRED journalist disclosed that his X account was compromised and used to promote a fraudulent WIRED cryptocurrency by way of memecoin launchpad Pump.fun. The attackers created the coin and initiated a pump-and-dump scheme, manipulating the value with misleading promotions earlier than rapidly promoting off their holdings.

Joel Khalili on his X account being hacked

In consequence, many buyers misplaced cash and the journalist turned the goal of harassment, together with racist and threatening messages, particularly from an nameless Telegram person who demanded a refund of $2,800.

Evaluation from Chainalysis and Hudson Intelligence revealed that the attackers managed about 12% of the coin and made an estimated $8,000–$10,000 in below 20 minutes. The funds had been laundered by means of numerous crypto wallets and ultimately deposited into Binance, the place the path ended. The journalist had failed to safe their account with two-factor authentication, which facilitated the hack. Regardless of the dangers and frequent scams, buying and selling in memecoins continues to be widespread, underscoring the continuing vulnerabilities in social media and cryptocurrency platforms.

2. Pump.enjoyable X account compromised (February 2025)

In February 2025, the official X account of Pump.enjoyable, a Solana-based memecoin generator, was hijacked to promote a fraudulent governance token known as “PUMP.” Shortly after the preliminary rip-off put up, the hackers escalated their efforts by selling one other fake token, “GPT-4.5,” whereas threatening to delete the Pump.enjoyable X account if the token reached a $100 million market cap, additional including to the chaos and confusion amongst customers.

Pump.enjoyable rapidly acknowledged the breach on its Telegram channel, urging customers not to interact with the compromised X account. This incident highlights how even platforms devoted to memecoins can grow to be targets for classy scams.

3. Lara and Tiffany Trump’s X accounts breached (September 2024)

In September 2024, hackers breached the X accounts of Lara and Tiffany Trump, posting fraudulent content material selling a household cryptocurrency enterprise, World Liberty Financial. Eric Trump declared the posts a rip-off, confirming the compromise on X and the swift deletion of the fake posts.

The incident was notable given President Donald Trump’s relationship with Elon Musk, who owns X. The household had been selling World Liberty Monetary, which had but to launch and had already been focused by scams. An official World Liberty Monetary account warned customers to keep away from any links or token purchases from the compromised profiles.

These examples underscore the significance of vigilance when encountering cryptocurrency promotions on social media platforms.

How to spot a fake X hyperlink

Fake links typically look actual, however a better look normally reveals crimson flags. Being conscious of the small particulars may also help you keep away from expensive errors.

In case you’re scrolling by means of X and come throughout a put up selling a brand new token, an unique airdrop or a hyperlink to “join your pockets,” take a second earlier than clicking. These sorts of posts are widespread instruments in phishing scams, and recognizing them typically comes down to inspecting the hyperlink and the context carefully.

Right here are some things you possibly can search for:

1. Test the URL fastidiously

Earlier than you click on, hover over the hyperlink (should you’re on desktop) or faucet and maintain to preview it on cellular. Search for small modifications like:

Misspelled phrases (for instance, Binancee.com as an alternative of Binance.com)
Unusual characters or further symbols
Unfamiliar area endings like .click on, .lol, or .xyz

If one thing feels off, it in all probability is.

2. Look ahead to pressing or emotional language

Rip-off posts typically strive to stress you. You would possibly see phrases like:

“Solely half-hour left!”
“Declare your free tokens now!”
“Unique to early supporters!”

This urgency is designed to get you to act before you think. Actual firms don’t rush you into monetary selections.

3. Have a look at the account behind the put up

Even when the put up seems to be skilled, take a second to examine the account:

Is the username barely totally different from an genuine model or influencer?
Does the account have a verified badge, or is it paid for?
Are the previous posts constant and reputable, or does the account out of the blue begin posting about crypto?

Scammers typically use newly created or lately hacked accounts to unfold malicious links. For example, in December 2024, Rip-off Sniffer notified customers of a pointy rise in fake crypto accounts on X, warning that over 300 impersonator profiles appeared day by day, almost double the November common.

4. Discover engagement patterns

Are the replies crammed with suspicious feedback, fake reward, or bot exercise? Scammers typically flood the feedback with bots saying, “This labored!” or “Thanks, I simply bought my airdrop!” These are meant to build false trust.

5. Double-check earlier than you join

If a hyperlink takes you to a pockets connection web page, double-check the web site handle. Fake pockets popups are some of the efficient methods used to steal your crypto. All the time be sure to’re on the official website, not a lookalike.

Do you know? A single sufferer misplaced $2.6 million in stablecoins after falling for 2 zero-value switch phishing scams inside simply three hours, highlighting the rising threat of address poisoning in crypto.

How to shield your self on X

X is a robust platform for staying knowledgeable about crypto, however it’s additionally a favourite goal for scammers. Understanding how to shield your account and your property can prevent from critical losses.

You don’t want to keep away from X totally to keep secure. However should you’re lively in crypto circles, you need to deal with the platform with the identical warning you’ll observe in a crowded market.

Be cautious: Scammers typically use urgency and fake credibility to trick you into clicking malicious links or connecting your pockets.
Test URLs: All the time hover over links to preview them. Look ahead to delicate misspellings or suspicious area endings like .xyz, .click on or .website.
Confirm accounts: Even verified profiles may be hacked. Have a look at put up historical past, engagement high quality and account conduct earlier than trusting promotions.
Use 2FA: Allow two-factor authentication with an app like Google Authenticator or Authy to add a second layer of safety.
Keep away from DMs: Deal with unsolicited messages selling crypto initiatives or asking you to click on links as suspicious, particularly in the event that they ask for pockets entry.
Separate your wallets: Use one pockets for lively interactions (airdrops, mints, buying and selling) and one other for long-term storage to restrict publicity.
Report and mute: Assist cut back rip-off visibility by reporting fake accounts and muting something suspicious in your feed.
Keep knowledgeable: Comply with credible sources for updates on new phishing techniques, pockets drainers and trending rip-off codecs.

Bear in mind, a little bit warning goes a great distance in holding your property and id protected in an area the place belief is commonly the very first thing focused.

Source link