A hacker who took over the Tron DAO X account is estimated to have made around $45,000 in improperly solicited funds, according to a spokesperson from Tron.
Speaking to Cointelegraph, the Tron public relations team confirmed that on May 2, the Tron DAO account posted a contract address and sent direct messages to solicit payments in exchange for promotional advertising on the Tron account.
“Our security team quickly identified the intrusion and cut off access to the hacker, but we ask the community to continue to be vigilant. We will never ask anyone for payments like this via DM or otherwise,” they said.
The team said that based on the illicit contract address the hacker posted, the amount improperly solicited appeared to be around $45,000.
Asked whether the same hacker could be responsible for the supposed New York Post’s X account hack on May 3, the Tron team told Cointelegraph that there “appear to be some similarities” between the two security incidents; however, they also cautioned that the investigation is ongoing and “any definitive connection would be premature.”
After regaining access, Tron DAO said in a May 2 X update that they suspect the hack resulted from a team member being “targeted in a malicious social engineering attack, which led to their account being compromised.”
“Even after the perpetrator was logged out and our access restored, they continued contacting others, offering posts from our main account in exchange for payment,” Tron DAO said.
The Tron team is still investigating and says they are in contact with law enforcement. Tron founder Justin Sun also accused crypto exchange OKX of failing to act on a law enforcement request to freeze stolen funds connected to the attack.
OKX founder and CEO Star Xu has publicly denied the allegation, and Sun has removed the original post with the accusation.
Curve Finance joins list of X account hacks
Decentralized lending protocol Curve Finance also recently suffered an X account takeover by a bad actor, adding to the growing list of high-profile firms and individuals “silently” accessed by social media hackers.
In a now-deleted May 5 X post, a scammer posing as Curve Finance shared a link to a CRV airdrop with a weeklong registration period, which some eagle-eyed X users quickly suspected could be fraudulent.
Curve Finance founder Michael Egorov confirmed in a reply to analyst CrediBULL Crypto that it was a bad actor posting sham links so far, “No other account appears to be hacked — the control over X account was just silently taken by someone.”
The Curve Finance team has since regained access with the help of a team that included the cybersecurity group SEAL, and found that aside from posting scam links, the hacker also blocked some users who flagged the account takeover, including CrediBULL Crypto.
The cause of the hack has yet to be shared publicly, but in response to a user’s query, the Curve finance team said it’s still “unclear how account” access was taken, and there was “No sign of any client-side compromise.”
Other high-profile X account hacks
A slew of other high-profile X accounts have also been taken over by bad actors this year. On April 15, a member of the UK’s Parliament, Lucy Powell, had her account taken over to promote a scam crypto token called the House of Commons Coin (HOC).
Crypto data aggregator Kaito AI and its founder, Yu Hu, were the victims of an X social media hack on March 15, when scammers posted that the Kaito wallets were compromised and users’ funds were at risk.
Related: Breaking Bad star’s X account hacked for memecoin scheme
Meanwhile, Pump.fun’s X account was also hacked on Feb. 26 and promoted several fake tokens, including a fraudulent governance token for the platform called Pump.
Magazine: Bitcoin to $1M ‘by 2029,’ CIA tips its hat to Bitcoin: Hodler’s Digest, April 27 – May 3
