Bitget Reveals New Phishing Method Hijacking Trusted X Accounts
Crypto X account hacks are rising as scammers use verified profiles and Telegram to spread malware and steal assets, Bitget warns in new report.
Quick Take
Summary is AI generated, newsroom reviewed.
Verified X accounts are being hijacked to spread scam messages across the crypto industry.
Bitget reveals scammers are using private DMs and spoofed Telegram accounts to deploy malware.
Messages are auto-deleted, making account compromise hard to detect.
Bitget launches “Anti-Scam Month” to raise awareness and boost industry-wide security.
Verified Accounts, Compromised Trust
A surge in social media hacks targeting the crypto community has raised serious concerns across the industry. In recent months, verified X accounts belonging to crypto projects, influencers, and even politicians have been hijacked to spread scams. According to Bitget, a leading global crypto exchange, hackers are now using more deceptive methods that are harder to detect and even harder to stop.
In a recent case, a Bitget employee became a victim after receiving a direct message from someone pretending to be a potential business partner. After scheduling a meeting, the scammer shared files disguised as tools for a project demo. These files, once opened, silently installed malicious software that gave the attacker control of the employee’s X account.
How the Scam Works
Bitget’s investigation outlines a four-step process used by hackers:
Step 1: Initial Contact via DM
Hackers use compromised verified accounts to message targets. The messages may appear genuine but are often deleted seconds after being sent, preventing detection by the account owner.
Step 2: Telegram Transition
Victims are directed to Telegram, where scammers use spoofed profiles mimicking real employees. They often swap letters (like “l” and “I”) in usernames to appear legitimate.
Step 3: Malware Deployment
During a video call, scammers share files that secretly install malware. This gives them full access to the victim’s computer, including crypto wallets and social accounts.
Step 4: Expanding the Scam
Once access is gained, hackers use the compromised account to target others. Depending on their impersonated identity, they push different scams—fake token listings, funding rounds, or early investment offers.
New Tactics, Bigger Threats
These scams rely on a familiar trick—planting malware—but the methods have evolved. Hackers now use verified accounts, remove messages to stay hidden, and spoof profiles with alarming accuracy. In the past, scams involved public posts or obvious fake links. Now, everything happens behind the scenes in private chats and calls.
How to Protect Yourself
Bitget recommends key precautions:
- Verify all identities via multiple channels. Don’t assume a verified account is safe.
- Avoid downloading files from unknown or unverified sources.
- Use MFA (Multi-Factor Authentication) and avoid storing seed phrases on devices.
- Keep crypto devices separate from work or social devices.
- During meetings, never grant screen or remote access.
If you suspect a hack:
- Disconnect your device from the internet.
- Move your assets to a new wallet with a freshly generated private key.
- Try to recover your account using email or backup devices.
- Warn your contacts and revoke any third-party app access.
Bitget’s Anti-Scam Month
Bitget is currently hosting its “Anti-Scam Month,” aimed at educating users and raising security awareness through interactive activities and resources. As scams grow more sophisticated, knowledge remains the strongest defense.
Everyone in the crypto space is a potential target. Staying informed is no longer optional—it’s essential.
Follow us on Google News
Get the latest crypto insights and updates.
