Tron DAO Loses $45,000 in Social Engineering Attack

On May 2, the official X account of Tron DAO was compromised in a social engineering attack. The hacker posted a fake contract and solicited approximately $45,000 from users. Despite the quick action taken by Tron DAO's security team to regain control of the account, the hacker continued to pose as Tron online, attempting to engage others by falsely offering paid posts from Tron DAO’s main account. The team is currently working with law enforcement to investigate the incident.

Tron founder Justin Sun initially accused crypto exchange OKX of failing to freeze funds linked to the hack, though the post making that claim was later deleted after a denial by OKX CEO Star Xu. The breach is believed to have stemmed from a malicious social engineering attack targeting a team member.

Curve Finance also experienced a takeover of its X account on May 5. A scammer used the account to promote a fake CRV airdrop, which prompted concern among users. Founder Michael Egorov confirmed the account was silently compromised but not the underlying client devices or systems. The Curve team, with assistance from cybersecurity firm SEAL, eventually regained access. During the attack, the hacker not only shared malicious links but also blocked users who tried to warn others about the breach.

These incidents are part of a growing list of high-profile X account hacks. In April last year, a UK Member of Parliament’s account was hijacked to promote a scam token. In March, Kaito AI and its founder saw their accounts misused to spread false claims of compromised wallets. And in February, Pump.fun’s account was taken over to promote fraudulent tokens, including a fake governance token.

Despite the recent social media account hack, Tron’s momentum is still building. On May 5, Tether issued $1 billion worth of USDT on Tron, which pushed the network’s total USDT supply to $71.4 billion. This places Tron just $1.4 billion behind Ethereum’s $72.8 billion in USDT. Tron previously led Ethereum in USDT circulation between July of 2022 and November of 2024, but an $18 billion Ethereum mint reversed the standings.

Solana ranks third among USDT-supporting networks, hosting $1.9 billion, while smaller amounts circulate on Ton, Avalanche, Aptos, Near, Celo, and Cosmos. Overall, Tether’s total USDT supply reached an all-time high of $149.4 billion, up 8.6% since the beginning of the year. This growth reinforces Tether’s dominant 61% market share in the stablecoin sector, while rival Circle holds a 25% share with $62 billion in USDC.

The broader stablecoin market has seen a sharp resurgence over the past six months and now comprises 8% of the entire crypto market capitalization. Two key legislative proposals—the GENIUS Act and the STABLE Act—are currently making their way through Congress. The GENIUS Act will define payment stablecoins and set reserve requirements, while the STABLE Act would regulate nonbank stablecoin issuers. The Senate is expected to vote on the GENIUS Act before May 26.

Tether is also preparing to launch a new US-based stablecoin later this year. For now, its release is contingent on the passage of regulatory legislation.

In addition to Tron’s DAO account, the verified X account of the New York Post was also compromised in a sophisticated scam targeting members of the crypto community. Multiple users, including well-known people in the space, reported receiving direct messages from the account inviting them to participate in a podcast interview and urging them to continue the conversation via Telegram.

The suspicious activity was first flagged on May 3 by Alex Katz, CEO of Kerberus, who shared a screenshot of the deceptive message, allegedly sent by a journalist through the official New York Post account. What makes this incident so interesting is the attacker’s strategy: instead of posting publicly visible scam links, like a wallet drainer or a Pump.fun address, the bad actor focused entirely on direct communication. This more subtle approach may have been done to delay detection and exploit users' trust in the verified media outlet.

Cybersecurity engineer and NFT collector known as “Drew” shared that the attacker blocked recipients after sending the message, likely to prevent the actual New York Post team from being alerted. Donny Clutterbuck from Fomojis also reported being contacted by the hacker. He raised concerns that the scam may involve a Zoom exploit.

According to Clutterbuck, clicking to enable audio during a Zoom call prompted an unusual pop-up with an option to “enable WiFi,” which he speculated might give the attacker unauthorized network access. Blockchain analyst ZachXBT compared the method that was used in this hack to a similar compromise of The Defiant’s X account several weeks ago, where scammers also leveraged direct messages to lure crypto users.

This incident now adds to the growing concerns about the security of social media accounts and communication platforms used by high-profile organizations and people in the crypto sector. In April, Emblem Vault CEO Jake Gallen reportedly lost $100,000 in crypto during a Zoom interview in which malware was installed on his device.