Hacker Gang Profits Over $14 Million by Promoting Tokens through X Account Invasion
Anonymous blockchain researcher Specter revealed that a hacker gang profited over $14 million by promoting their own tokens through the invasion of high-profile accounts on the X platform and conducting cross-chain money laundering.
The gang attacked investor Keith Gill, Pepe the Frog creator Matt Furie, and the WinRAR project's X account. The funds involved spanned five chains: Solana, BNB Chain, Ethereum, Tron, and Hyperliquid, and they are also suspected of a phishing attack that caused a $2.45 million loss in wstETH in 2024.
Retail investors and token speculators in the market followed the promoted purchases from the hacked accounts. Specter exposed the operations through on-chain tracking, revealing that the hacker gang profited through money laundering while the victims and platform trust were under pressure. Funds are shifting from high-risk social promotion tokens to transparent on-chain monitoring tools.
Source: Public Information
ABAB AI Insight
Specter has previously exposed the connection between X account invasions and rug pulls through on-chain analysis. This time, he linked three independent invasion incidents involving Keith Gill and others to the same gang, continuing the systemic attack pattern on high-profile accounts used for token pump-and-dump schemes on the X platform since 2024.
In terms of capital flow, after invading accounts, the hacker gang quickly deployed tokens and transferred profits to money laundering paths via multi-chain bridges, combining phishing attacks to extract wstETH. Their motive is to leverage X's algorithm to amplify promotional exposure, converting social influence into short-term liquidity cash-outs, forming a complete profit cycle from account control to cross-chain asset extraction.
Similar to multiple celebrity X accounts being hijacked to promote scam tokens in 2024-2025 and similar gangs exposed by investigators like ZachXBT, Specter currently places this incident at the intersection of social platform security and crypto crime, pushing the industry to transition from easily compromised accounts to multi-factor verification and on-chain behavior monitoring.
Structural judgment: Essentially a technical substitution. The combination of centralized account permissions on the X platform and blockchain anonymous transfers allows a single invasion to capture large-scale funds. The mechanism lies in the social attention economy and multi-chain liquidity amplifying attack returns, forcing value to concentrate from easily controlled accounts to decentralized identity verification and real-time on-chain monitoring solutions.
ABAB News · Cognitive Law
Once an account is invaded, traffic becomes ammunition.
The faster the social amplification, the more hidden the money laundering path.
Low invasion cost, high tracking cost.