Scroll co-founder Ye Chen’s X account was hijacked in a sophisticated phishing operation where attackers posed as platform employees to target crypto industry figures. The compromised account, which commands substantial influence among crypto leaders, began distributing fraudulent messages claiming copyright violations and threatening account restrictions unless users clicked on malicious links within 48 hours. The hackers transformed Chen’s profile to mimic X’s official branding, updating the bio to reference Twitter and nCino while warning followers about security breaches. Screenshot from X The attackers flooded the feed with reposts from X’s verified accounts to enhance perceived legitimacy, then launched their phishing campaign via direct messages. Sophisticated Attack Mirrors Growing Pattern The breach follows established tactics where hackers exploit trusted accounts to distribute malicious links disguised as urgent platform notifications. Recipients received messages appearing to come from X’s rights management team, complete with fake compliance warnings and time-sensitive appeals processes designed to create panic and bypass security awareness. Blockchain security researcher Wu Blockchain first identified the compromise and alerted the community to ignore any communications from the account. The warning emphasized particular concern given Chen’s extensive network of high-profile cryptocurrency executives, developers, and investors who might trust messages from his verified account. Scroll co-founder @shenhaichen 's X account has been hacked and is currently sending phishing private messages impersonating X employees. This account has a large following among prominent figures in the crypto industry; the community and users are advised to be aware of the… pic.twitter.com/ctXk2G0bQm — Wu Blockchain (@WuBlockchain) January 25, 2026 The attack represents the latest escalation in social media compromises targeting crypto industry leaders, in which hackers increasingly leverage delegated account access and expired domain registrations to bypass security measures, including two-factor authentication. Industry Faces Relentless Social Engineering Wave BNB Chain’s official account suffered a similar breach in October when hackers posted fake reward programs with phishing links after Binance co-founder CZ warned followers against clicking suspicious content. The compromised account promoted fraudulent BSC token distributions, promising early payouts to users who voted on reward dates through malicious URLs designed to drain digital wallets. Binance co-CEO Yi He’s WeChat account was also hijacked in December to promote meme coin schemes, with attackers conducting a coordinated pump-and-dump operation around the token MUBARA. Two wallets created hours before the breach accumulated 21.16 million tokens before dumping holdings as retail traders flooded in, netting attackers approximately $55,000 while leaving later buyers exposed to price collapse. Changpeng Zhao @cz_binance warned that new co-CEO Yi He’s @heyibinance abandoned WeChat account was hacked and used to push a meme coin called MUBARA. #Binance #Memecoins https://t.co/sdyH325OMD — Cryptonews.com (@cryptonews) December 10, 2025 Among other notable accounts hacked were ZKsync and Matter Labs, which were compromised in May through what the team described as “ delegated accounts ” with limited posting privileges. Hackers published false claims about an SEC investigation alongside fake airdrop promotions, triggering a 5% drop in the ZK token price despite a prior 38.5% weekly rally. The prominent crypto media company, Watcher.Guru also confirmed its account breach in March after fake Ripple-SWIFT partnership claims spread across connected Telegram, Facebook, and Discord channels through automated content bots. The team suspects the compromise originated from a suspicious link containing unusual query strings shared in their Telegram group weeks earlier. Record Theft Year Exposes Escalating Threats The crypto ecosystem witnessed over $3.4 billion stolen in 2025, according to Chainalysis’s 2026 Crypto Crime Report , with North Korean state-backed hackers accounting for a record $2.02 billion across fewer but increasingly sophisticated attacks. Source: Chainalysis The Democratic People’s Republic of Korea now represents 76% of all service compromises, bringing cumulative DPRK cryptocurrency theft to $6.75 billion since operations began. Personal wallet compromises surged to 158,000 incidents affecting at least 80,000 unique victims, triple the 54,000 cases recorded in 2022. Address poisoning scams drove December’s single-largest loss , when one victim transferred $50 million to a fraudulent wallet mimicking their intended destination, while private key leaks resulted in $27.3 million stolen from multi-signature wallets. Personal Security Breaches Surge Across Platforms Most recently, Ubuntu developer Alan Pope warned that attackers are hijacking Snap Store publisher accounts by registering expired domains linked to legitimate developers, then pushing malicious updates to previously trusted packages. The technique exploits automatic update systems and established trust signals, with at least 2 confirmed cases of wallet-stealing malware distributed through seemingly normal applications. Hackers are exploiting trusted Snap Store packages to steal cryptocurrency by hijacking existing publisher accounts. #Hack #Crypto https://t.co/YV5Yoiwb0F — Cryptonews.com (@cryptonews) January 21, 2026 Given these growing, multifaceted attack vectors, Better Business Bureau officials are warning consumers about phishing campaigns that lock X users out of their accounts and are subsequently used for cryptocurrency promotions. Kentucky journalist Jennie Rees described receiving direct messages from apparent colleagues requesting contest votes, only to find her account posting fake Audi purchase claims tied to crypto earnings after clicking the malicious link. The post Hackers Impersonate X Staff Using Compromised Scroll Founder Account appeared first on Cryptonews .
