Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Ye Chen, co-founder of Scroll, had their X account compromised in a sophisticated phishing scheme in which attackers impersonated platform employees to target individuals within the cryptocurrency sector.
The breached account, which holds significant sway among crypto leaders, commenced sending out deceptive messages alleging copyright infringements and warning of account restrictions unless recipients clicked on harmful links within a 48-hour timeframe.
The cybercriminals altered Chen’s profile to resemble X’s official branding, modifying the bio to mention Twitter and nCino while cautioning followers about security violations.
Screenshot from X
The attackers inundated the timeline with reposts from X’s verified accounts to bolster their perceived credibility, subsequently initiating their phishing efforts through direct messages.
Complex Attack Reflects Growing Trend
This breach aligns with common strategies where hackers take advantage of trusted accounts to disseminate harmful links disguised as urgent notifications from the platform.
Recipients received messages that appeared to originate from X’s rights management team, complete with counterfeit compliance alerts and urgent appeals designed to incite panic and bypass security awareness.
Blockchain security analyst Wu Blockchain was the first to detect the breach and warned the community to disregard any messages from the account.
The alert highlighted specific concern due to Chen’s vast network of notable cryptocurrency executives, developers, and investors who might be inclined to trust communications from his verified account.
Scroll co-founder @shenhaichen’s X account has been hacked and is currently sending phishing private messages impersonating X employees. This account has a large following among prominent figures in the crypto industry; the community and users are advised to be aware of the… pic.twitter.com/ctXk2G0bQm
— Wu Blockchain (@WuBlockchain) January 25, 2026
This incident marks the latest increase in social media breaches targeting leaders in the crypto industry, where hackers increasingly utilize delegated account access and expired domain registrations to circumvent security protocols, including two-factor authentication.
Industry Confronts Unrelenting Social Engineering Assault
BNB Chain’s official account experienced a similar breach in October when hackers promoted fake reward schemes with phishing links after Binance co-founder CZ cautioned followers against engaging with suspicious content.
The compromised account advertised fraudulent BSC token distributions, enticing users with promises of early payouts for voting on reward dates via malicious URLs that aimed to deplete digital wallets.
In December, Binance co-CEO Yi He’s WeChat account was also compromised to promote meme coin initiatives, with attackers executing a coordinated pump-and-dump scheme involving the token MUBARA.
Two wallets created just hours before the breach amassed 21.16 million tokens before offloading their holdings as retail traders rushed in, netting the attackers around $55,000 while leaving later purchasers vulnerable to a price drop.
Related Posts
Changpeng Zhao @cz_binance warned that new co-CEO Yi He’s @heyibinance abandoned WeChat account was hacked and used to push a meme coin called MUBARA.#Binance #Memecoins https://t.co/sdyH325OMD
— Cryptonews.com (@cryptonews) December 10, 2025
Changpeng Zhao @cz_binance warned that new co-CEO Yi He’s @heyibinance abandoned WeChat account was hacked and used to push a meme coin called MUBARA.#Binance #Memecoins https://t.co/sdyH325OMDOther notable accounts that were hacked include ZKsync and Matter Labs, which were compromised in May through what the team referred to as “delegated accounts” with limited posting capabilities.
Hackers disseminated false information regarding an SEC investigation alongside deceptive airdrop promotions, causing a 5% decrease in the ZK token price despite a prior 38.5% weekly surge.
The prominent cryptocurrency news outlet, Watcher.Guru, also reported its account breach in March after false claims of a Ripple-SWIFT partnership circulated across related Telegram, Facebook, and Discord channels via automated content bots.
The team suspects the breach stemmed from a suspicious link containing unusual query strings shared in their Telegram group weeks prior.
Record Theft Year Reveals Escalating Threats
The cryptocurrency ecosystem experienced over $3.4 billion in theft during 2025, according to Chainalysis’s 2026 Crypto Crime Report, with North Korean state-sponsored hackers responsible for a staggering $2.02 billion through fewer but increasingly advanced attacks.
Source: Chainalysis
The Democratic People’s Republic of Korea now accounts for 76% of all service breaches, bringing the total DPRK cryptocurrency theft to $6.75 billion since operations began.
Incidents of personal wallet compromises surged to 158,000 cases affecting at least 80,000 distinct victims, tripling the 54,000 cases recorded in 2022.
Address poisoning scams resulted in December’s largest single loss, when one victim transferred $50 million to a fraudulent wallet that mimicked their intended destination, while leaks of private keys led to $27.3 million being stolen from multi-signature wallets.
Personal Security Breaches Rise Across Platforms
Recently, Ubuntu developer Alan Pope warned that cybercriminals are hijacking Snap Store publisher accounts by registering expired domains associated with legitimate developers, then pushing harmful updates to previously trusted packages.
This method takes advantage of automatic update systems and established trust indicators, with at least 2 confirmed instances of wallet-stealing malware being distributed through seemingly ordinary applications.
Hackers are exploiting trusted Snap Store packages to steal cryptocurrency by hijacking existing publisher accounts.#Hack #Cryptohttps://t.co/YV5Yoiwb0F
— Cryptonews.com (@cryptonews) January 21, 2026
Hackers are exploiting trusted Snap Store packages to steal cryptocurrency by hijacking existing publisher accounts.#Hack #Cryptohttps://t.co/YV5Yoiwb0FIn light of these increasing and diverse attack vectors, Better Business Bureau officials are cautioning consumers about phishing campaigns that lock X users out of their accounts, which are then utilized for cryptocurrency promotions.
Kentucky journalist Jennie Rees recounted receiving direct messages from apparent colleagues soliciting votes for a contest, only to discover her account making false Audi purchase claims linked to crypto earnings after interacting with the malicious link.
The post Hackers Impersonate X Staff Using Compromised Scroll Founder Account appeared first on Cryptonews.
