Hackers Infiltrate New York Post’s X Account to Scam Cryptocurrency Users

Hackers have infiltrated the New York Post’s X account, using it to send fraudulent direct messages to cryptocurrency users. The scam involves messages that appear to come from a New York Post journalist, inviting users to engage via Telegram. This tactic aims to lure unsuspecting individuals into contacting the hackers, potentially leading to further exploitation or data theft. The use of a verified account adds a layer of credibility to the scam, making it more likely that users will fall for the deception.

The incident was first discovered on May 3 by Alex Katz, the founder and CEO of Kerberus, who shared a screenshot of a message purportedly from journalist Paul Sperry via the official New York Post account. The message invited users to feature in a podcast and to contact the hackers via Telegram. Cybersecurity engineer and NFT collector Drew noted that the scammer gained unauthorized access but did not post a Pump.fun address or wallet drainer. Instead, they messaged users and directed them to Telegram. After sending the message, the scammer blocks users from replying to prevent the actual New York Post team from being alerted to the compromise.

Donny Clutterbuck from the NFT Bitcoin’s ordinals platform Fomojis also reported being contacted by the hacker, suggesting that it could be a potential ZoomZM-- exploit from enabling audio. When users click to enable audio, a pop-up gives the option to either cancel or enable WiFi, which could potentially give network access to the scammer. Blockchain sleuth ZachXBT noted that this compromise was similar to one from a few weeks ago when direct messages were sent from The Defiant’s X account.

This incident is not an isolated case. Recently, there have been similar breaches where high-profile accounts have been targeted to spread malicious content. Such breaches highlight the vulnerabilities in social media platforms and the need for enhanced security measures to protect users from scams and cyber threats. The hackers’ actions underscore the growing sophistication of cybercriminals, who are increasingly targeting high-profile accounts to gain trust and exploit users. The use of direct messages and the impersonation of journalists are tactics that can be highly effective in deceiving users, especially those who are not familiar with the common signs of phishing and scam attempts.

The incident serves as a reminder for users to be cautious when receiving unsolicited messages, even from verified accounts. It is crucial to verify the authenticity of such messages and to avoid clicking on suspicious links or providing personal information. Additionally, social media platforms and organizations must implement robust security protocols to prevent unauthorized access and protect their users from potential threats. In response to the incident, users have been advised to report any suspicious activity to the relevant authorities and to avoid engaging with unknown individuals or accounts. The New York Post has not yet issued an official statement regarding the breach, but it is expected that the organization will take steps to enhance its security measures and prevent similar incidents in the future.