Hackers Impersonate X Staff Using Compromised Scroll Founder Account

Hackers Impersonate X Staff Using Compromised Scroll Foun... Scroll co-founder Ye Chen's X account was hijacked in a sophisticated phishing operation where attackers posed as platform employees, distributing fake copyright violation warnings to his network of crypto industry leaders. The post Hackers Impersonate X Staff Using Compromised Scroll Founder Accoun... Scroll co-founder Ye Chen's X account was hijacked in a sophisticated phishing operation where attackers posed as platform employees to target crypto industry figures. The compromised account, which commands substantial influence among crypto leaders, began distributing fraudulent messages claiming copyright violations and threatening account restrictions unless users clicked on malicious links within 48 hours.The hackers transformed Chen's profile to mimic X's official branding, updating the bio to reference Twitter and nCino while warning followers about security breaches.Screenshot from XThe attackers flooded the feed with reposts from X's verified accounts to enhance perceived legitimacy, then launched their phishing campaign via direct messages.Sophisticated Attack Mirrors Growing PatternThe breach follows established tactics where hackers exploit trusted accounts to distribute malicious links disguised as urgent platform notifications. Recipients received messages appearing to come from X's rights management team, complete with fake compliance warnings and time-sensitive appeals processes designed to create panic and bypass security awareness.Blockchain security researcher Wu Blockchain first identified the compromise and alerted the community to ignore any communications from the account. The warning emphasized particular concern given Chen's extensive network of high-profile cryptocurrency executives, developers, and investors who might trust messages from his verified account. Scroll co-founder @shenhaichen's X account has been hacked and is currently sending phishing private messages impersonating X employees. This account has a large following among prominent figures in the crypto industry; the community and users are advised to be aware of theâEUR¦ pic.twitter.com/ctXk2G0bQm- Wu Blockchain (@WuBlockchain) January 25, 2026 The attack represents the latest escalation in social media compromises targeting crypto industry leaders, in which hackers increasingly leverage delegated account access and expired domain registrations to bypass security measures, including two-factor authentication.Industry Faces Relentless Social Engineering WaveBNB Chain's official account suffered a similar breach in October when hackers posted fake reward programs with phishing links after Binance co-founder CZ warned followers against clicking suspicious content.The compromised account promoted fraudulent BSC token distributions, promising early payouts to users who voted on reward dates through malicious URLs designed to drain digital wallets.Binance co-CEO Yi He's WeChat account was also hijacked in December to promote meme coin schemes, with attackers conducting a coordinated pump-and-dump operation around the token MUBARA. Two wallets created hours before the breach accumulated 21.16 million tokens before dumping holdings as retail traders flooded in, netting attackers approximately $55,000 while leaving later buyers exposed to price collapse. Changpeng Zhao @cz_binance warned that new co-CEO Yi HeâEUR(TM)s @heyibinance abandoned WeChat account was hacked and used to push a meme coin called MUBARA.#Binance #Memecoins https://t.co/sdyH325OMD- Cryptonews.com (@cryptonews) December 10, 2025 Among other notable accounts hacked were ZKsync and Matter Labs, which were compromised in May through what the team described as "delegated accounts" with limited posting privileges. Hackers published false claims about an SEC investigation alongside fake airdrop promotions, triggering a 5% drop in the ZK token price despite a prior 38.5% weekly rally.The prominent crypto media company, Watcher.Guru also confirmed its account breach in March after fake Ripple-SWIFT partnership claims spread across connected Telegram, Facebook, and Discord channels through automated content bots. The team suspects the compromise originated from a suspicious link containing unusual query strings shared in their Telegram group weeks earlier.Record Theft Year Exposes Escalating ThreatsThe crypto ecosystem witnessed over $3.4 billion stolen in 2025, according to Chainalysis's 2026 Crypto Crime Report, with North Korean state-backed hackers accounting for a record $2.02 billion across fewer but increasingly sophisticated attacks.Source: ChainalysisThe Democratic...