Phishing Attacks on X Platform Surge 50% in 2025

Generated by AI AgentCoin World
Saturday, Jul 19, 2025 10:29 pm ET2min read
Aime RobotAime Summary

- SlowMist reports 50% surge in X phishing emails bypassing Gmail filters by mimicking login alerts and redirecting users to fake authorization pages.

- Attackers gain account control through forced app authorizations, while counterfeit hardware wallets with pre-set recovery phrases enable instant crypto theft.

- Stolen funds flow through unregulated networks, highlighting $460M+ hardware wallet market vulnerabilities and $2.1B+ 2025 crypto infrastructure losses.

- Experts warn against discounted wallets from unofficial channels, emphasizing tamper-proof packaging checks and avoiding pre-configured devices.

SlowMist Team has recently reported a significant increase in phishing email attacks targeting users of the X Platform. These emails, with the subject "New login to X From XXX," are designed to bypass Gmail's spam filtering system. Attackers send fake account login notifications, prompting users to click on "Change your password" or "Review the apps" links, which actually redirect users to the X platform's official third-party app authorization page. Once authorized, the attackers gain permission to post and retweet on the user's behalf, allowing them to control the account and publish content without the user's knowledge.

Users are advised to be vigilant and carefully handle any emails claiming unusual login activity on their X account. It is crucial to avoid clicking on any links in the email and refrain from authorizing any applications. This surge in cyber threats underscores the growing sophistication of cybercriminals who are exploiting the trust users place in digital security measures.

The SlowMist Team has also reported a significant increase in phishing email attacks targeting users of the X Platform. These emails, with the subject "New login to X From XXX," are designed to bypass Gmail's spam filtering system. Attackers send fake account login notifications, prompting users to click on "Change your password" or "Review the apps" links, which actually redirect users to the X platform's official third-party app authorization page. Once authorized, the attackers gain permission to post and retweet on the user's behalf, allowing them to control the account and publish content without the user's knowledge.

Users are advised to be vigilant and carefully handle any emails claiming unusual login activity on their X account. It is crucial to avoid clicking on any links in the email and refrain from authorizing any applications. This surge in cyber threats underscores the growing sophistication of cybercriminals who are exploiting the trust users place in digital security measures.

The incident involved a user who purchased what appeared to be a legitimate Ledger hardware wallet from an e-commerce platform. The wallet, which seemed to be factory-sealed and authentic, was actually compromised before it was sold. When the victim set up the wallet, it functioned normally, generating a 24-word recovery phrase. However, this phrase had been predetermined by the attackers, giving them complete access to the wallet and its private keys. Within hours of depositing around 50 million Chinese yuan into the wallet, the criminals had drained all the funds.

The SlowMist Team, a blockchain security firm, was alerted to the theft. Their investigation revealed that the stolen funds were funneled through a shadowy entity, using a financial network that operates without Anti-Money Laundering (AML) or Know Your Customer (KYC) controls. This makes recovery virtually impossible. The incident highlights the vulnerabilities in the hardware wallet market, which is valued at over $460 million and is predicted to grow significantly in the coming years. This makes hardware wallets a prime target for crypto theft.

The SlowMist Team's chief security officer emphasized the importance of purchasing brand-new devices directly from suppliers to avoid such scams. He warned users not to gamble their entire fortune on a wallet that is a few hundred bucks cheaper, as this is not saving money but throwing away their lifeline. The incident is part of a broader surge in cryptocurrency-related fraud, with over $2.1 billion in crypto losses across infrastructure-level attacks in the first half of 2025.

Security experts have identified multiple ways criminals can compromise hardware wallets, including firmware modification, manual replacement, supply chain infiltration, and counterfeit manufacturing. These methods highlight the need for users to be vigilant and take precautions when purchasing and using hardware wallets. Legitimate hardware wallet packaging uses ultrasonic welding and tamper-proof seals, and any inconsistencies in packaging should be major red flags. Wallets sold at prices significantly lower than the official retail price, especially on social media platforms or through unofficial channels, are likely counterfeit or compromised. Any wallet that comes with preset PINs, recovery phrases, or setup instructions should be immediately destroyed. Purchasing from anywhere other than the manufacturer’s official website significantly increases risk.

The incident serves as a stark reminder of the importance of digital security and the need for users to be cautious when dealing with cryptocurrency. As the cryptocurrency industry continues to grow, it will remain an attractive target for criminals, and users must take proactive measures to protect their assets.

Comments



Add a public comment...
No comments

No comments yet