Scroll co-founder Ye Chen’s X account was hijacked in a classy phishing operation the place attackers posed as platform workers to focus on crypto business figures.
The compromised account, which instructions substantial affect amongst crypto leaders, started distributing fraudulent messages claiming copyright violations and threatening account restrictions until customers clicked on malicious hyperlinks inside 48 hours.
The hackers reworked Chen’s profile to imitate X’s official branding, updating the bio to reference Twitter and nCino whereas warning followers about safety breaches.
The attackers flooded the feed with reposts from X’s verified accounts to boost perceived legitimacy, then launched their phishing marketing campaign through direct messages.
Refined Assault Mirrors Rising Sample
The breach follows established ways the place hackers exploit trusted accounts to distribute malicious hyperlinks disguised as pressing platform notifications.
Recipients obtained messages showing to return from X’s rights administration crew, full with pretend compliance warnings and time-sensitive appeals processes designed to create panic and bypass safety consciousness.
Blockchain safety researcher Wu Blockchain first recognized the compromise and alerted the group to disregard any communications from the account.
The warning emphasised explicit concern given Chen’s intensive community of high-profile cryptocurrency executives, builders, and traders who would possibly belief messages from his verified account.
Scroll co-founder @shenhaichen's X account has been hacked and is presently sending phishing personal messages impersonating X workers. This account has a big following amongst outstanding figures within the crypto business; the group and customers are suggested to pay attention to the… pic.twitter.com/ctXk2G0bQm
— Wu Blockchain (@WuBlockchain) January 25, 2026
The assault represents the newest escalation in social media compromises focusing on crypto business leaders, by which hackers more and more leverage delegated account entry and expired area registrations to bypass safety measures, together with two-factor authentication.
Trade Faces Relentless Social Engineering Wave
BNB Chain’s official account suffered an analogous breach in October when hackers posted pretend reward packages with phishing hyperlinks after Binance co-founder CZ warned followers towards clicking suspicious content material.
The compromised account promoted fraudulent BSC token distributions, promising early payouts to customers who voted on reward dates by means of malicious URLs designed to empty digital wallets.
Binance co-CEO Yi He’s WeChat account was additionally hijacked in December to advertise meme coin schemes, with attackers conducting a coordinated pump-and-dump operation across the token MUBARA.
Two wallets created hours earlier than the breach accrued 21.16 million tokens earlier than dumping holdings as retail merchants flooded in, netting attackers roughly $55,000 whereas leaving later patrons uncovered to cost collapse.
Changpeng Zhao @cz_binance warned that new co-CEO Yi He’s @heyibinance deserted WeChat account was hacked and used to push a meme coin referred to as MUBARA.#Binance #Memecoins https://t.co/sdyH325OMD
— Cryptonews.com (@cryptonews) December 10, 2025
Amongst different notable accounts hacked have been ZKsync and Matter Labs, which have been compromised in Might by means of what the crew described as “delegated accounts” with restricted posting privileges.
Hackers printed false claims about an SEC investigation alongside pretend airdrop promotions, triggering a 5% drop within the ZK token worth regardless of a previous 38.5% weekly rally.
The outstanding crypto media firm, Watcher.Guru additionally confirmed its account breach in March after pretend Ripple-SWIFT partnership claims unfold throughout related Telegram, Fb, and Discord channels by means of automated content material bots.
The crew suspects the compromise originated from a suspicious hyperlink containing uncommon question strings shared of their Telegram group weeks earlier.
Report Theft Yr Exposes Escalating Threats
The crypto ecosystem witnessed over $3.4 billion stolen in 2025, in line with Chainalysis’s 2026 Crypto Crime Report, with North Korean state-backed hackers accounting for a document $2.02 billion throughout fewer however more and more subtle assaults.
The Democratic Individuals’s Republic of Korea now represents 76% of all service compromises, bringing cumulative DPRK cryptocurrency theft to $6.75 billion since operations started.
Private pockets compromises surged to 158,000 incidents affecting at the very least 80,000 distinctive victims, triple the 54,000 circumstances recorded in 2022.
Deal with poisoning scams drove December’s single-largest loss, when one sufferer transferred $50 million to a fraudulent pockets mimicking their meant vacation spot, whereas personal key leaks resulted in $27.3 million stolen from multi-signature wallets.
Private Safety Breaches Surge Throughout Platforms
Most just lately, Ubuntu developer Alan Pope warned that attackers are hijacking Snap Retailer writer accounts by registering expired domains linked to reliable builders, then pushing malicious updates to beforehand trusted packages.
The method exploits computerized replace programs and established belief alerts, with at the very least 2 confirmed circumstances of wallet-stealing malware distributed by means of seemingly regular purposes.
Hackers are exploiting trusted Snap Retailer packages to steal cryptocurrency by hijacking present writer accounts.#Hack #Cryptohttps://t.co/YV5Yoiwb0F
— Cryptonews.com (@cryptonews) January 21, 2026
Given these rising, multifaceted assault vectors, Higher Enterprise Bureau officers are warning shoppers about phishing campaigns that lock X customers out of their accounts and are subsequently used for cryptocurrency promotions.
Kentucky journalist Jennie Rees described receiving direct messages from obvious colleagues requesting contest votes, solely to search out her account posting pretend Audi buy claims tied to crypto earnings after clicking the malicious hyperlink.
The publish Hackers Impersonate X Workers Utilizing Compromised Scroll Founder Account appeared first on Cryptonews.