Bitget Exposes New Phishing Scam Targeting Verified X Accounts

Bitget, a leading global cryptocurrency exchange, has recently exposed a sophisticated phishing method that targets verified X accounts to disseminate scam messages within the crypto community. This new tactic involves scammers using private direct messages (DMs) to hijack trusted accounts, thereby deceiving users into believing that the messages are legitimate. The method exploits the trust that users place in verified accounts, making it easier for scammers to execute their fraudulent activities.

In a recent incident, a Bitget employee fell victim to this scam after receiving a direct message from someone posing as a potential business partner. The scammer scheduled a meeting and shared files disguised as tools for a project demo. These files, once opened, silently installed malicious software that gave the attacker control of the employee’s X account. This incident underscores the evolving nature of cyber threats in the cryptocurrency space, as scammers continue to find new ways to exploit vulnerabilities and deceive users.

The scam operates through a four-step process. First, hackers use compromised verified accounts to send direct messages to targets. These messages appear genuine but are often deleted seconds after being sent, preventing detection by the account owner. Second, victims are directed to Telegram, where scammers use spoofed profiles mimicking real employees. They often swap letters (like “l” and “I”) in usernames to appear legitimate. Third, during a video call, scammers share files that secretly install malware, giving them full access to the victim’s computer, including crypto wallets and social accounts. Finally, once access is gained, hackers use the compromised account to target others, pushing different scams such as fake token listings, funding rounds, or early investment offers.

These scams rely on a familiar trick—planting malware—but the methods have evolved. Hackers now use verified accounts, remove messages to stay hidden, and spoof profiles with alarming accuracy. In the past, scams involved public posts or obvious fake links. Now, everything happens behind the scenes in private chats and calls. This new tactic is particularly insidious as it bypasses the usual security measures that users might expect from public communications, allowing scammers to spread misinformation and phishing links more effectively.

Bitget recommends several key precautions to protect against such scams. Users should verify all identities via multiple channels and avoid downloading files from unknown or unverified sources. It is also advisable to use Multi-Factor Authentication (MFA) and avoid storing seed phrases on devices. Keeping crypto devices separate from work or social devices and never granting screen or remote access during meetings are additional measures to enhance security. If a user suspects a hack, they should disconnect their device from the internet, move their assets to a new wallet with a freshly generated private key, try to recover their account using email or backup devices, and warn their contacts and revoke any third-party app access.

Bitget is currently hosting its “Anti-Scam Month,” aimed at educating users and raising security awareness through interactive activities and resources. As scams grow more sophisticated, knowledge remains the strongest defense. The implications of this new phishing method are significant for both individual users and the broader cryptocurrency ecosystem. For users, the risk of falling victim to scams is heightened, as they may be more likely to trust messages from verified accounts. This underscores the importance of remaining vigilant and verifying the authenticity of any communications received, even from seemingly trustworthy sources. For the industry as a whole, the discovery of this new phishing method serves as a reminder of the need for continuous innovation in cybersecurity measures to protect users and maintain trust in the system.

Bitget's revelation also raises questions about the effectiveness of current security protocols in preventing such attacks. While verified accounts are intended to provide an additional layer of trust and security, the fact that they can be hijacked highlights the need for more robust measures to protect these accounts. This could include enhanced authentication processes, improved monitoring of account activity, and increased user education on recognizing and avoiding phishing attempts. In response to this new threat, Bitget and other industry players may need to implement more stringent security measures and educate users on the risks associated with private DMs. This could involve providing guidelines on how to recognize and report suspicious activity, as well as offering tools to help users verify the authenticity of communications. By taking proactive steps to address this issue, the industry can work to mitigate the risks posed by this new phishing method and protect users from falling victim to scams.