Why you shouldn’t follow the links on X: real phishing cases

On the social network X (ex-Twitter), phishing links are being massively sent out to seize the cryptocurrency of inattentive users. GetBlock AML Research analyzes this type of fraud in detail and provides real phishing cases.

Where phishing leads

The point of phishing is to mislead the user into believing that he or she is using a secure tool. The attackers often create malicious copies of trading platforms or even crypto wallets. When a potential victim gets to such malicious resources, they are offered to connect the wallet, after which all available cryptocurrency will be withdrawn from it.

Therefore, scammers often resort to various “motivations”. For example, in this case, the phishing link was disguised as a distribution of SONIC tokens.

Phishing link under the guise of distributing SONIC tokens

There are more complex schemes: phishing is often used to promote fraudulent tokens. After mass purchases of such a token, its creators empty liquidity pools and leave users with nothing.

Why X

The attackers distribute phishing links on all major social platforms to reach as many potential victims as possible. The X social network, which is considered one of the largest in the world, is particularly popular with scammers.

In addition to the large number of X users, this social network often discusses digital assets and related trends and also features official accounts of various cryptocurrency platforms. Often, these accounts are hacked for the subsequent promotion of phishing links.

Real phishing cases

In February 2025, the X account of one of the journalists of the WIRED publication was hacked. The attackers posted information on his page about a new meme coin allegedly released by WIRED.

Journalist’s warning about hacking his account

The scammers launched the WIRED token on the Pump.fun platform and attracted a large number of victims by hacking into the journalist’s account. After mass purchases of the altcoin by unsuspecting users, the scammers withdrew all funds from the liquidity pool, earning about $10 000.

In the same month, another high-profile hack took place. The scammers compromised the official Pump.fun platform account and started promoting a fake PUMP governance token. Soon, Pump.fun representatives notified users about the hack via their Telegram channel.

Promotion of the PUMP phishing token. The post was later deleted

The aftermath of the Pump. fun account hack on X turned out to be the same as the WIRED story. The attackers withdrew funds from the liquidity pool, leaving PUMP token buyers with nothing.

Last year, two X accounts, Lara and Tiffany Trump, were hacked at once. Phishing links on their pages led to the yet-to-be-released fraudulent token project World Liberty Financial, which is promoted by the Trump family. As the current US president at the time still had close ties to X owner Elon Musk, Lara and Tiffany’s hacked accounts were quickly handed over to their owners. The X team’s response was later praised by Trump’s son Eric.

Protection against phishing

There is currently no real defense against phishing, and it is unlikely there ever will be. The scammers always find effective ways to mislead victims and divert their attention. Therefore, to reduce the likelihood of becoming a victim of phishing on X, do not click on external links on this social network, even if you are sure of their authenticity.