Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesBotsEarnCopy
Earn products
Overview
Comprehensive investment and financial management
Savings
Earn daily profits with idle tokens
On-chain Elite
Earn every day with On-chain Elite
On-chain Earn
Guaranteed earnings in both bear and bull markets
Crypto Loans
Borrow crypto quickly and easily
Premier Loans
Customized loans to meet your unique needs
Shark Fin
Principal-guaranteed high yields
Smart Trend
Time the market and enjoy incredible yields
Dual Investment
Buy low and sell high — profit no matter the market direction
Wealth Management
Grow your wealth with our top-tier asset management team
Promotions
BGB Zone
All BGB rewards in one place
Spot auto-invest+
Automatically subscribe to auto-invest Earn products and earn for additional profits.
Launchpool
Lock to uncover promising new tokens
PoolX
Lock to receive new token airdrops
HodlerYield
Hold your assets and watch them grow
Bitget TraderPro program
Unlock your trading potential! Become a verified Bitget elite trader and earn 10,000 USDT to help skyrocket your profits. Join now and start your journey to success!
Overview
Introduction to Bitget copy trading and its advantages
Copy what suits you
Futures Copy Trading
Follow the world's top futures trading experts
Spot Copy Trading
Follow the world's top spot trading experts
Bot Copy Trading
Copy top bots to trade smarter

Crypto X (Twitter) account hacks on the rise: A deep dive into hacker scams

Crypto trends
Crypto X (Twitter) account hacks on the rise: A deep dive into hacker scams
In recent months, an increasing number of crypto projects, industry professionals, politicians, and celebrities have had their social media accounts hacked and used to spread scam messages. Some Bitget employees have also fallen victim to similar phishing attacks. After regaining access to their accounts, we conducted a thorough investigation and discovered that attackers are employing increasingly deceptive and hard-to-detect methods. This article aims to raise industry-wide awareness of these evolving security threats.

A Bitget employee targeted by phishing

In mid-May, a Bitget business development employee received a private message on X from someone posing as a potential partner, inviting him to discuss a collaboration. The two parties quickly scheduled a meeting, which proceeded as planned. During the call, the other party sent several installation files, claiming they were for "function testing", and encouraged the Bitget employee to run them.
In the following days, the employee began receiving messages from friends and industry contacts asking, "Did you send me a weird DM on X?" Realizing something was wrong, he promptly contacted Bitget's security team. Working together, they were able to recover the account using the linked email and other verification methods.

How hackers target crypto X accounts and profit from them

As we continued our security review, we uncovered the hacker's methods step by step, and how they turned these attacks into profit.
Step 1: The hacker uses a compromised account to send DMs, luring victims into a Telegram conversation under the pretense of a partnership.
❗Security tips:
  1. These private messages may not always come from suspicious burner accounts — some may even be sent from verified profiles. However, the scam messages are not actually sent by the legitimate team.
  2. The hacker has quietly gained control of the official account and then directed the victim to Telegram to continue the scam.
  3. The messages are often deleted immediately after being sent, so the original account owner may not notice anything unusual, even if hundreds of messages have been sent.
Step 2: After the victim contacts the hacker on Telegram, the hacker proposes a video meeting and shares a file during the call.
❗Security tips:
  1. The hacker often disguises their Telegram account as a real employee, using information from platforms like LinkedIn. The account ID may closely mimic that of a real employee — for example, by mixing up an 'I' (capital i) and an 'l' (lowercase L), which can look nearly identical.
  2. The shared file contains malicious code designed to trick the victim into installing it. Once installed, it can give the hacker access to the victim's computer and enable the theft of social media accounts, as well as crypto or fiat assets.
Step 3: After gaining access to the victim's device, the hacker attempts to steal assets directly. Then, they use the victim's X and Telegram accounts to target more victims, sending scam messages that direct recipients to the same hacker-controlled Telegram account.
❗Security tips:
  1. As mentioned earlier, these scam messages are often deleted immediately after being sent, so the account owner may not realize their account has been compromised.
  2. This explains why scam messages may appear from verified accounts, yet no action is taken — because the real owners are still unaware of the breach.
Step 4: Once the next victim engages with the hacker on Telegram, the scam is tailored based on the hacker's assumed identity.
❗Security tips:
  1. If a hacker disguises themselves as an exchange employee, they typically lure the victim into transferring funds under the pretense of a token listing partnership.
  2. If they impersonate a project team member, they'll often pitch an "early investment opportunity" to convince the victim to transfer funds.
  3. If they claim to represent an investment firm, they may frame it as a funding round or collaboration.
  4. If the impersonated identity doesn't directly generate financial gain, the hacker may use it as a springboard — tricking the victim's contacts into installing malware, thereby compromising their accounts and expanding the scam network.

Summary

The methods described in this article still revolve around a familiar core tactic: planting trojans through malicious file downloads to gain control of a victim's device. What's new, however, is how much more sophisticated and deceptive the tactics have become:
  1. Hackers now use compromised, verified X accounts to send DMs, significantly increasing credibility and the scam's success rate.
  2. Messages are deleted immediately after being sent, so account owners often remain unaware of any breach. This allows hackers to operate undetected for longer. In the past, hackers would post scam tweets right away — such as fake giveaways or links to scam tokens — which, while effective for quick returns, also alerted the account owner and the public much faster.
  3. The Telegram accounts used to continue the scam are carefully spoofed, often with usernames and profiles that closely mimic those of real team members.

How to identify and prevent similar phishing attacks

  1. Be wary of "official" invitations. Always verify the sender's identity through multiple channels. If it's someone you know, check whether your previous chat history is still intact before continuing the conversation.
  2. Never download or open files sent by unknown parties. If you need to install meeting tools like Zoom or Teams, always download them directly from the official website. This is crucial.
  3. During meetings, only allow access to your camera and microphone. Never grant additional permissions that could enable remote access to your device.
  4. Never leave your computer unattended during a call. If you must step away, have someone else monitor the screen to prevent hackers from accessing your device while you're away.
  5. Do not back up your seed phrases on your computer or mobile phone. Enable multi-factor authentication (MFA) wherever possible.
  6. For any device that manages funds, use an iPhone updated to the latest version, enable Lockdown Mode, and avoid using it for external communication. Keep it separate from your work and social devices.

Account compromised? Act fast to minimize losses

Even the best security practices aren't foolproof. If your account is hacked, how quickly you respond can make all the difference.
  1. Disconnect your computer from the internet and shut it down to immediately cut off the hacker's access.
  2. Check your fund security and wallet authorizations. If your local wallet (e.g., browser extensions or private key storage) has been exposed, transfer assets to a brand-new wallet using a newly generated private key. Do not reuse the same seed phrase.
  3. Try recovering the account using another device or email. If you're still logged in somewhere, quickly use your linked email or phone number to reset your password and log out of all other sessions. Once your account is retrieved, immediately revoke all third-party login permissions to prevent hackers from continuing to manipulate your account.
  4. Notify and alert your contacts. Warn others not to trust any recent DMs from you, and report the compromised account to help prevent a wider chain of victims.
The above cases are not isolated cases, but challenges that every user in the entire crypto industry may face. At Bitget, we not only build protection mechanisms, but also hope to work with you to truly turn "security awareness" into ability. Bitget's "Anti-Scam Month" is currently underway, and we have launched a series of anti-scam content and interactive activities. Welcome to the activity page. Let's improve our ability to identify fraud and guard the security boundary together.
larkLogo2025-06-19
Top 7 Ways to Earn Money with Cryptocurrency in 2025prevIcon
How to sell PIBitget lists PI – Buy or sell PI quickly on Bitget!
Trade now
Recommended
We offer all of your favorite coins!
Buy, hold, and sell popular cryptocurrencies such as BTC, ETH, SOL, DOGE, SHIB, PEPE, the list goes on. Register and trade to receive a 6200 USDT new user gift package!
Trade now
Trade smarter
Trade smarter
Download app
Company
About Bitget Contact us Community Careers LALIGA partnership Messi partnership 2022–2024 Turkish elite athletes partnership Blockchain4Youth Blockchain4Her Media Kit Bitget Academy Bitget Blog Announcement Center Proof of Reserves Protection Fund Bitget Token (BGB) Partner links Sitemap
Products
Buy crypto Spot Futures Margin Bots Earn APIs Web3 wallet Fiat OTC
Copy
Spot copy trading Futures copy trading Bot copy trading TraderPro
Services
Submit feedback Help Center Verify official channels Listing application VIP services Affiliate program Institutional services Asset custody Download data Promotions Referral program Fee schedule Tax filing API
Legal and disclosures
Law enforcement request Regulatory request Regulatory license AML/CFT policies Privacy policy Terms of Use Risk disclosure ST rules
Tools
Telegram Apps Center Discord Apps Center Crypto directory Crypto wiki Crypto widgets Events calendar ICO calendar Crypto glossary Profit calculator Airdrop library Bitcoin ETF Market cap comparison
Buy crypto
Crypto categories Calculator Buy Bitcoin Buy ETH Buy DOGE Buy XRP Buy BGB Buy SHIB Crypto prices Bitcoin price Ethereum price BRC-20 price
Trade smarter
Download app
© 2025 Bitget
Privacy·Terms·Risk