source: https://x.com/H4ckManac/status/1882666323018412085/photo/1
On January 23, 2025, FalconFeeds.io, a leading cybersecurity threat intelligence platform, suffered a major security breach when its official X (formerly Twitter) account was hijacked by attackers promoting a crypto scam. Despite Multi-Factor Authentication (MFA) being enabled, the attackers managed to bypass security measures and take control of the account for over seven hours, posting fake crypto giveaway tweets and malicious links aimed at stealing funds from followers.
The attack began around 6:00 PM PST and continued until 1:30 AM PST on January 24, 2025. During that time, the attackers posted tweets every minute, directing users to fraudulent domains such as mstr-x2-giveaway[.]com. These domains were part of a larger malicious infrastructure linked to previous crypto scams, with several domains impersonating well-known figures like Michael Saylor of MicroStrategy.
FalconFeeds’ investigation revealed that the attackers likely used techniques such as phishing for MFA codes, session hijacking, or exploiting third-party app vulnerabilities to bypass MFA and maintain persistent access. The coordinated nature of the attack is similar to other high-profile Twitter hacks, such as the 2020 incident involving accounts of Elon Musk, Bill Gates, and Barack Obama, which also centered around crypto scams.
The investigation uncovered more than 10 interconnected domains, including saylor-giveaway[.]com and saylor-x2crypto[.]com, registered with privacy-protected WHOIS information. Many of these domains were tied to previous YouTube-based crypto scams in 2023, indicating that the same group of attackers had been operating for a while and systematically targeting platforms with high engagement.
FalconFeeds was not the only target. Several other verified X accounts with blue checkmarks were also compromised in what appears to be a well-planned, cross-platform crypto scam campaign. The attackers exploited the credibility of verified accounts to amplify their reach, posting deepfake images and misleading messages referencing popular crypto keywords like $BTC, $ETH, and #Bitcoin.
Similar attacks have been seen in the past, including:
- The July 2020 Twitter Hack, where attackers compromised 130 high-profile accounts using social engineering and internal tools, stealing over $120,000 in Bitcoin.
- Robinhood’s Twitter Hack in January 2023, where attackers promoted a fake crypto token and caused financial losses among users.
In response to the breach, FalconFeeds quickly worked with X support to regain control of their account, remove malicious tweets, and strengthen their security measures. The incident serves as a reminder that even companies with robust security are not immune to increasingly sophisticated attacks. Moving forward, security experts recommend using hardware-based authentication methods, continuous monitoring for suspicious activity, and regular audits of third-party app permissions to minimize the risks of such attacks.
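One way to approach the continuous monitoring recommended above is to watch an account's own outgoing posts for the two signals this incident showed: a sudden posting burst and links to giveaway-style domains. The sketch below is an added example, not FalconFeeds' or X's tooling; the function names, the thresholds and the sample timeline are assumptions constructed for illustration, and the lure terms are taken from the domains named in this article.

```python
import re
from datetime import datetime, timedelta

# Lure terms drawn from the domains named in the article (assumed watchlist).
LURE_TERMS = ("giveaway", "x2", "saylor", "mstr")
# Matches plain or defanged hosts, e.g. example.com or example[.]com.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+(?:\[\.\]|\.))+[a-z]{2,})", re.I)

def lure_hosts(text):
    """Return hosts in a post whose name contains a lure term."""
    hosts = [h.replace("[.]", ".").lower() for h in HOST_RE.findall(text)]
    return [h for h in hosts if any(term in h for term in LURE_TERMS)]

def detect_hijack(posts, window=timedelta(minutes=10), max_posts=5):
    """posts: list of (ISO timestamp, text). Returns findings or None.

    A burst is more than max_posts posts inside any sliding window;
    both thresholds are assumed and should be tuned per account.
    """
    times = sorted(datetime.fromisoformat(ts) for ts, _ in posts)
    burst_start, lo = None, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:   # shrink window from the left
            lo += 1
        if hi - lo + 1 > max_posts:
            burst_start = times[lo]
            break
    hosts = sorted({h for _, text in posts for h in lure_hosts(text)})
    if burst_start is None and not hosts:
        return None
    return {"burst_start": burst_start, "lure_hosts": hosts}

# Constructed sample timeline: two routine posts, then one post per minute.
SAMPLE = [
    ("2025-01-23T09:15:00", "New threat intel report published on our blog."),
    ("2025-01-23T13:40:00", "Ransomware tracker updated."),
] + [
    (f"2025-01-23T18:{m:02d}:00",
     "Double your $BTC now: mstr-x2-giveaway[.]com #Bitcoin")
    for m in range(8)
]

if __name__ == "__main__":
    print(detect_hijack(SAMPLE))
```

Either signal alone is worth an alert; together they justify revoking active sessions and third-party app tokens before investigating further.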
As crypto scams continue to exploit verified social media accounts, platforms like X must prioritize advanced security measures and proactive detection to combat the growing threat of digital deception.