Solana Meme Coin Scam: $500,000 Phishing Operation Exposed

Blockchain investigator ZachXBT has shed light on a sophisticated phishing operation that has compromised more than 15 X accounts. This malicious scheme specifically targeted investors of Solana-based meme coins, resulting in a staggering estimated loss of around $500,000.The details of this Solana Meme Coin Fraud were unveiled in a December 24 social media post by ZachXBT. The attackers executed their plan by impersonating the X team and using various phishing websites to illegally access high-profile accounts. They crafted fake copyright infringement notices to create a faux sense of urgency, tricking users into clicking on these deceitful links. Individuals were urged to reset their two-factor authentication (2FA) or passwords, paving the way for the hackers to collect their credentials.

Once the hackers acquired these credentials, they moved swiftly to exploit the compromised accounts. Each one was then used to promote scams that specifically targeted meme coin enthusiasts. Typically, these hacked accounts shared a particular contract address for fraudulent Solana tokens, enticing followers to invest using SOL. Posts commonly featured a catchy caption: “Incoming Transmission,” leading to announcements about new tokens and contract details.

To further cover their tracks, the cybercriminals attempted to obfuscate their activities by transferring stolen funds between the Solana and Ethereum networks. Thanks to ZachXBT’s thorough investigation, it was revealed that all hacked accounts were interconnected through six specific deployer addresses used for these scams.

This operation not only exploited the trust of crypto fans but also targeted accounts with large followings—many boasting over 200,000 followers. Among the notable victims were Kick, Cursor, The Arena, Brett, and Alex Blania. The first incident was reported on November 26, involving RuneMine, with the most recent breach affecting Kick on December 24.

The rising threats to social media platforms are alarming. This attack is part of a wider trend where platforms like X are increasingly exploited by fraudsters. Recognized as a focal point for crypto projects and creators, X has drawn unwanted attention from hackers. In a previous incident in November, ZachXBT documented several account takeovers on both X and Instagram that fueled pump-and-dump schemes linked to meme coins. Victims during that surge faced losses exceeding $3.5 million, with the attacks beginning in August 2024.

The pattern is distressingly predictable: accounts are hacked, fake tokens are promoted, and the illicit gains are funneled into anonymous wallets. Famous instances include the hacking of Symbiotic’s X account in October, which used phishing links masquerading as airdrop checklists to steal tokens. Following suit, EigenLayer’s account was compromised that same month to promote a fake airdrop campaign. The account of Andy Ayrey, founder of Truth Terminal AI, was hijacked to push fraudulent meme coins, resulting in a hefty sum of $1.5 million being accrued by the hacker.

In light of this alarming situation, ZachXBT has encouraged users to bolster their account security. Recommendations include avoiding the reuse of email addresses across different services and opting for advanced security keys for 2FA whenever feasible.

As these hacking incidents continue to rise, it’s essential for investors to remain vigilant and proactive against potential threats in the crypto space.