As a seasoned cybersecurity researcher with over two decades of experience under my belt, I can’t help but shake my head at yet another high-profile security breach. The theft of millions worth of meme coins on Solana through a sophisticated phishing operation is a stark reminder that no platform is immune to cyber threats.
A security breach on X resulted in the theft of over $2.2 million worth of meme coins on Solana.
Investigator ZachXBT disclosed that the attack utilized a weakness in X’s mobile system infrastructure, resulting in financial losses across various digital assets. This seems to be a complex scam targeted at Wallstreetbets, orchestrated with high sophistication.
As a researcher, I’d rephrase that statement as follows: During the attack, a significant amount of my research’s assets were stolen. The most affected tokens were PNUT, where we lost approximately $1.43 million, ZEREBRO with a loss of around $400,000, and ALCH, for which we suffered a loss of roughly $130,000.
As a researcher delving into the details, I’ve learned from ZachXBT’s Telegram disclosure that the attackers capitalized on an unaddressed bug in X’s mobile platform. This sneaky tactic enabled them to append passkeys to accounts that had been compromised, a weakness that went undetected by the original account holders and was seemingly overlooked by the platform’s support team.
On the mobile version of the platform, a weakness has been identified that enables unauthorized users to keep gaining access, even when it seems like an account has been successfully recovered.
Wallstreetbets regains access to the account
Wallstreetbets have successfully reclaimed their account, and they’ve made it clear that any harmful tweets with suspicious links were sent during the hacking incident.
For about a month, the account owner has been dealing with repeated attempts at unauthorized access. They are collaborating closely with X’s security team to address these ongoing security concerns.
IMPORTANT MESSAGE: I’ve recently deleted a tweet that wasn’t written by me, as you may or may not be aware, my account has been compromised by fraudsters for about a month. Rest assured, I will never ask you to click on suspicious links nor urge you to make purchases (with the exception of $XRP).
— wallstreetbets (@wallstreetbets) December 8, 2024
Through a firm statement, Wallstreetbets asserted they’ve identified the individuals behind the attacks, even as these actors have attempted to conceal themselves by employing VPN services.
The account asserted that concealing your login access using a VPN as a means of masking your actions is an absurdly feeble attempt to avoid detection, and Wallstreetbets warned of potential legal repercussions for any illegal activities.
As an analyst, I’ve been in touch with the account holder who has reached out to users who might have been impacted, asking them to disclose any losses they’ve experienced via direct messages. This data will be passed on to the authorities to aid in ongoing investigations concerning the security breach we’re dealing with.
On Sunday, it wasn’t just Wallstreetbets that experienced a significant breach. Additionally, the account of Cardano (X) was also compromised. False information about a fictitious lawsuit by the U.S. Securities and Exchange Commission was circulated before being removed.
Read More
- PYTH PREDICTION. PYTH cryptocurrency
- Ananya Panday claims ‘its tough being Bhidu’ after working with Jackie Shroff; find out why
- Blockaid new dashboard to track Web3 activity and threats
- Smino and Samara Cyn To Hit the Road on ‘Kountry Kousins’ Tour
- XRP price slips as RLUSD market cap hits $53m, liquidations rise
- Solana L2 Sonic includes TikTok users in airdrop
- The Vampire Diaries Nina Dobrev Reunited With Co-Stars To Recreate Throwback Photo, And I’m Not The Only One Loving It
- AI16Z PREDICTION. AI16Z cryptocurrency
- DC’s ‘Clayface’ Movie From Mike Flanagan Lands 2026 Release
- Cynthia Lummis calls for regulatory framework over Crypto
2024-12-08 19:44