String of X hijacks continues as hackers access accounts of Litecoin, Foresight Ventures, and others

A recent string of X account hijacks has continued over the weekend as several more accounts belonging to prominent individuals or companies in the crypto space were commandeered by hackers and used to promote scams. 

Litecoin's X account was compromised on Saturday and used to promote a memecoin scam to its 1.1 million followers. After regaining control over the account, Litecoin apologized for the incident. 

"Litecoin's X account was briefly compromised today and posts that were not authorized were published," Litecoin's X account posted . "These were live only for a matter of seconds before being deleted. We're still investigating the issue, but immediately found a delegated account that was compromised and removed it. We apologize for any confusion caused."

Also affected on Saturday was the X account of Foresight Ventures and its 28,000 followers, and on Sunday, the X account of LayerZero Labs co-founder and CTO Ryan Zarick was likewise compromised and used to promote a scam to his 12,500 followers. The X account of Holoworld AI, which boasts over 150,000 followers, was also compromised last week .

A typical scam post from a hijacked X account. Screenshot: Zack Abrams.

Scam posts, such as the above, generally entice users with promises of a newly-launched memecoin or airdrop, and restrict replies to prevent users from calling out the scam. Though account owners often regain control of the account quickly, some fast-moving crypto traders often fall victim to the scheme. 

X account hijacks in recent weeks have also affected musicians Drake and Wiz Khalifa, the Cardano Foundation , AI startup Anthropic , and more. Security researcher ZachXBT said in November that a series of related X account compromises led to the theft of over $3.5 million through memecoin scams. 

How to protect your X account

Security researcher Taylor Monahan, when asked for advice on how users can protect themselves from such attacks, recommended users conduct a self-audit using a guide published by Security Alliance , also known as SEAL Org . The guide recommends users remove their phone number from their X account, configure two-factor authentication, and review the list of accounts with delegate access. 

"I strongly recommend everyone takes the steps included there, even if they think they have done it before," Monahan said. "Twitter has updated certain settings over time and encouraged users to re-add their phone number." 

If a user's X account is hijacked, Monahan said notifying SEAL through its SEAL-911 Telegram bot can help security professionals contain the damage. "We can very quickly block the malicious URL in MetaMask and a lot of other wallets and crypto security providers. Doing so dramatically reduces the impact of these account takeovers," Monahan said.