Scroll co-founder Ye Chen’s X account was hijacked in a complicated phishing operation the place attackers posed as platform staff to focus on crypto trade figures.
The compromised account, which instructions substantial affect amongst crypto leaders, started distributing fraudulent messages claiming copyright violations and threatening account restrictions until customers clicked on malicious hyperlinks inside 48 hours.
The hackers reworked Chen’s profile to imitate X’s official branding, updating the bio to reference Twitter and nCino whereas warning followers about safety breaches.
The attackers flooded the feed with reposts from X’s verified accounts to boost perceived legitimacy, then launched their phishing marketing campaign by way of direct messages.
Refined Assault Mirrors Rising Sample
The breach follows established ways the place hackers exploit trusted accounts to distribute malicious hyperlinks disguised as pressing platform notifications.
Recipients acquired messages showing to return from X’s rights administration crew, full with faux compliance warnings and time-sensitive appeals processes designed to create panic and bypass safety consciousness.
Blockchain safety researcher Wu Blockchain first recognized the compromise and alerted the neighborhood to disregard any communications from the account.
The warning emphasised specific concern given Chen’s in depth community of high-profile cryptocurrency executives, builders, and buyers who would possibly belief messages from his verified account.
Scroll co-founder @shenhaichen's X account has been hacked and is at the moment sending phishing non-public messages impersonating X staff. This account has a big following amongst outstanding figures within the crypto trade; the neighborhood and customers are suggested to concentrate on the… pic.twitter.com/ctXk2G0bQm
— Wu Blockchain (@WuBlockchain) January 25, 2026
The assault represents the newest escalation in social media compromises focusing on crypto trade leaders, during which hackers more and more leverage delegated account entry and expired area registrations to bypass safety measures, together with two-factor authentication.
Business Faces Relentless Social Engineering Wave
BNB Chain’s official account suffered an analogous breach in October when hackers posted faux reward applications with phishing hyperlinks after Binance co-founder CZ warned followers in opposition to clicking suspicious content material.
The compromised account promoted fraudulent BSC token distributions, promising early payouts to customers who voted on reward dates via malicious URLs designed to empty digital wallets.
Binance co-CEO Yi He’s WeChat account was additionally hijacked in December to advertise meme coin schemes, with attackers conducting a coordinated pump-and-dump operation across the token MUBARA.
Two wallets created hours earlier than the breach gathered 21.16 million tokens earlier than dumping holdings as retail merchants flooded in, netting attackers roughly $55,000 whereas leaving later patrons uncovered to cost collapse.
Changpeng Zhao @cz_binance warned that new co-CEO Yi He’s @heyibinance deserted WeChat account was hacked and used to push a meme coin known as MUBARA.#Binance #Memecoins https://t.co/sdyH325OMD
— Cryptonews.com (@cryptonews) December 10, 2025
Amongst different notable accounts hacked have been ZKsync and Matter Labs, which have been compromised in Might via what the crew described as “delegated accounts” with restricted posting privileges.
Hackers revealed false claims about an SEC investigation alongside faux airdrop promotions, triggering a 5% drop within the ZK token worth regardless of a previous 38.5% weekly rally.
The outstanding crypto media firm, Watcher.Guru additionally confirmed its account breach in March after faux Ripple-SWIFT partnership claims unfold throughout related Telegram, Fb, and Discord channels via automated content material bots.
The crew suspects the compromise originated from a suspicious hyperlink containing uncommon question strings shared of their Telegram group weeks earlier.
Report Theft Yr Exposes Escalating Threats
The crypto ecosystem witnessed over $3.4 billion stolen in 2025, in response to Chainalysis’s 2026 Crypto Crime Report, with North Korean state-backed hackers accounting for a file $2.02 billion throughout fewer however more and more subtle assaults.
The Democratic Folks’s Republic of Korea now represents 76% of all service compromises, bringing cumulative DPRK cryptocurrency theft to $6.75 billion since operations started.
Private pockets compromises surged to 158,000 incidents affecting a minimum of 80,000 distinctive victims, triple the 54,000 instances recorded in 2022.
Handle poisoning scams drove December’s single-largest loss, when one sufferer transferred $50 million to a fraudulent pockets mimicking their meant vacation spot, whereas non-public key leaks resulted in $27.3 million stolen from multi-signature wallets.
Private Safety Breaches Surge Throughout Platforms
Most lately, Ubuntu developer Alan Pope warned that attackers are hijacking Snap Retailer writer accounts by registering expired domains linked to legit builders, then pushing malicious updates to beforehand trusted packages.
The method exploits computerized replace techniques and established belief alerts, with a minimum of 2 confirmed instances of wallet-stealing malware distributed via seemingly regular purposes.
Hackers are exploiting trusted Snap Retailer packages to steal cryptocurrency by hijacking current writer accounts.#Hack #Cryptohttps://t.co/YV5Yoiwb0F
— Cryptonews.com (@cryptonews) January 21, 2026
Given these rising, multifaceted assault vectors, Higher Enterprise Bureau officers are warning customers about phishing campaigns that lock X customers out of their accounts and are subsequently used for cryptocurrency promotions.
Kentucky journalist Jennie Rees described receiving direct messages from obvious colleagues requesting contest votes, solely to search out her account posting faux Audi buy claims tied to crypto earnings after clicking the malicious hyperlink.
The submit Hackers Impersonate X Workers Utilizing Compromised Scroll Founder Account appeared first on Cryptonews.