How hackers use fake X links to steal crypto, and how to spot them

How fake X links enactment

Hackers often hijack trusted accounts oregon make fake ones to station phishing links that look legitimate.

If you usage X regularly, you’ve astir apt seen a giveaway station oregon a “limited-time airdrop” link that seems to travel from a trusted source. This is precisely what scammers trust on. They either interruption into verified accounts oregon impersonate large names successful crypto. Then they people posts urging you to click a nexus and link your wallet.

On May 29, an X idiosyncratic alerted the assemblage astir a fake $SONIC airdrop announcement circulating connected the platform, urging others not to click connected immoderate related links and to enactment vigilant against phishing attempts.

What happens adjacent depends connected the scam. Some links pb to fake wallet login pages designed to bargain your credentials. Others punctual you to o.k. a smart contract, which gives the attacker entree to your funds. These scams are getting much polished, often mimicking existent websites with convincing designs and near-identical URLs.

Why crypto is simply a premier target

Crypto transactions are fast, irreversible and often anonymous, making them perfect for scammers. Once a transaction is confirmed connected the blockchain, there’s nary getting it back. That makes crypto particularly charismatic to hackers. Many users besides store their funds successful blistery wallets connected to browsers oregon apps, which are much susceptible to phishing attempts.

Add to that the increasing popularity of NFTs and DeFi projects and determination is much anticipation for attacks. Approving the incorrect contract, adjacent once, tin beryllium each it takes to suffer everything successful your wallet.

Did you know? In March 2025, the authoritative X accounts of some the NBA and NASCAR were hacked, sending fake messages to millions of their followers. These messages falsely announced the motorboat of their ain cryptocurrencies, $NBA coin and $NASCAR coin.

Real-world examples of crypto scams via fake X links

These aren’t hypothetical. Hackers person already pulled disconnected immoderate high-profile attacks utilizing fake X links.

1. WIRED journalist’s X relationship hijacked (May 2025)

In May 2025, a WIRED writer disclosed that his X relationship was compromised and utilized to beforehand a fraudulent WIRED cryptocurrency via memecoin launchpad Pump.fun. The attackers created the coin and initiated a pump-and-dump scheme, manipulating the terms with deceptive promotions earlier rapidly selling disconnected their holdings. 

As a result, galore investors mislaid wealth and the writer became the people of harassment, including racist and threatening messages, particularly from an anonymous Telegram idiosyncratic who demanded a refund of $2,800. 

Analysis from Chainalysis and Hudson Intelligence revealed that the attackers controlled astir 12% of the coin and made an estimated $8,000–$10,000 successful nether 20 minutes. The funds were laundered done assorted crypto wallets and yet deposited into Binance, wherever the way ended. The writer had failed to unafraid their relationship with two-factor authentication, which facilitated the hack. Despite the risks and predominant scams, trading successful memecoins continues to beryllium popular, underscoring the ongoing vulnerabilities successful societal media and cryptocurrency platforms.

2. Pump.fun X relationship compromised (February 2025)

In February 2025, the authoritative X relationship of Pump.fun, a Solana-based memecoin generator, was hijacked to beforehand a fraudulent governance token called “PUMP.” Shortly aft the archetypal scam post, the hackers escalated their efforts by promoting different fake token, “GPT-4.5,” portion threatening to delete the Pump.fun X relationship if the token reached a $100 cardinal marketplace cap, further adding to the chaos and disorder among users. 

Pump.fun rapidly acknowledged the breach connected its Telegram channel, urging users not to prosecute with the compromised X account. This incidental highlights however adjacent platforms dedicated to memecoins tin go targets for blase scams.

3. Lara and Tiffany Trump’s X accounts breached (September 2024)

In September 2024, hackers breached the X accounts of Lara and Tiffany Trump, posting fraudulent contented promoting a household cryptocurrency venture, World Liberty Financial. Eric Trump declared the posts a scam, confirming the compromise connected X and the swift deletion of the fake posts. 

The incidental was notable fixed President Donald Trump’s narration with Elon Musk, who owns X. The household had been promoting World Liberty Financial, which had yet to motorboat and had already been targeted by scams. An authoritative World Liberty Financial relationship warned users to debar immoderate links oregon token purchases from the compromised profiles.

These examples underscore the value of vigilance erstwhile encountering cryptocurrency promotions connected societal media platforms.

How to spot a fake X nexus

Fake links often look real, but a person look usually reveals reddish flags. Being alert of the tiny details tin assistance you debar costly mistakes.

If you’re scrolling done X and travel crossed a station promoting a caller token, an exclusive airdrop oregon a nexus to “connect your wallet,” instrumentality a infinitesimal earlier clicking. These kinds of posts are communal tools successful phishing scams, and spotting them often comes down to examining the nexus and the discourse closely.

Here are a fewer things you tin look for:

1. Check the URL carefully

Before you click, hover implicit the nexus (if you’re connected desktop) oregon pat and clasp to preview it connected mobile. Look for tiny changes like:

• Misspelled words (for example, Binancee.com alternatively of Binance.com)
• Strange characters oregon other symbols
• Unfamiliar domain endings similar .click, .lol, oregon .xyz

If thing feels off, it astir apt is.

2. Watch for urgent oregon affectional language

Scam posts often effort to unit you. You mightiness spot phrases like:

• “Only 30 minutes left!”
• “Claim your escaped tokens now!”
• “Exclusive to aboriginal supporters!”

This urgency is designed to get you to enactment earlier you think. Real companies don’t unreserved you into fiscal decisions.

3. Look astatine the relationship down the post

Even if the station looks professional, instrumentality a infinitesimal to inspect the account:

• Is the username somewhat antithetic from an authentic marque oregon influencer?
• Does the relationship person a verified badge, oregon is it paid for?
• Are the past posts accordant and legitimate, oregon does the relationship abruptly commencement posting astir crypto?

Scammers often usage recently created oregon precocious hacked accounts to dispersed malicious links. For instance, successful December 2024, Scam Sniffer notified users of a crisp emergence successful fake crypto accounts connected X, informing that implicit 300 impersonator profiles appeared daily, astir treble the November average.

4. Notice engagement patterns

Are the replies filled with suspicious comments, fake praise, oregon bot activity? Scammers sometimes flood the comments with bots saying, “This worked!” oregon “Thanks, I conscionable got my airdrop!” These are meant to physique mendacious trust.

5. Double-check earlier you connect

If a nexus takes you to a wallet transportation page, double-check the website address. Fake wallet popups are 1 of the astir effectual tricks utilized to bargain your crypto. Always marque definite you’re connected the authoritative site, not a lookalike.

Did you know? A azygous unfortunate mislaid $2.6 cardinal successful stablecoins aft falling for 2 zero-value transportation phishing scams wrong conscionable 3 hours, highlighting the increasing threat of code poisoning successful crypto.

How to support yourself connected X

X is simply a almighty level for staying informed astir crypto, but it’s besides a favourite people for scammers. Knowing however to support your relationship and your assets tin prevention you from superior losses.

You don’t request to debar X wholly to enactment safe. But if you’re progressive successful crypto circles, you should dainty the level with the aforesaid caution you would observe successful a crowded marketplace. 

• Be cautious: Scammers often usage urgency and fake credibility to instrumentality you into clicking malicious links oregon connecting your wallet.
• Check URLs: Always hover implicit links to preview them. Watch for subtle misspellings oregon suspicious domain endings similar .xyz, .click oregon .site.
• Verify accounts: Even verified profiles tin beryllium hacked. Look astatine station history, engagement prime and relationship behaviour earlier trusting promotions.
• Use 2FA: Enable two-factor authentication with an app similar Google Authenticator oregon Authy to adhd a 2nd furniture of protection.
• Avoid DMs: Treat unsolicited messages promoting crypto projects oregon asking you to click links arsenic suspicious, particularly if they inquire for wallet access.
• Separate your wallets: Use 1 wallet for progressive interactions (airdrops, mints, trading) and different for semipermanent retention to bounds exposure.
• Report and mute: Help trim scam visibility by reporting fake accounts and muting thing suspicious successful your feed.
• Stay informed: Follow credible sources for updates connected caller phishing tactics, wallet drainers and trending scam formats.

Remember, a small caution goes a agelong mode successful keeping your assets and individuality protected successful a abstraction wherever spot is often the archetypal happening targeted.