Hackers are intensifying their efforts on verified accounts on X, the platform formerly known as Twitter. These accounts, adorned with gold and grey verification badges, primarily belong to government and business profiles. Shockingly, hackers are infiltrating these prestigious accounts to promote cryptocurrency scams, phishing sites, and platforms designed for crypto drain activities, according to insights from Bleeping Computer.
Novel Black Market Emerges for Compromised X Accounts
CloudSEK’s recent report reveals the emergence of a novel black market. Hackers are actively trading compromised X accounts, specifically those adorned with gold and grey badges. The price tags for these ill-gotten credentials range from $1,200 to $2,000. One notable incident involves the hacking of Mandiant’s X account, a cybersecurity intelligence firm under Google. The breach led to the dissemination of a fraudulent airdrop, resulting in the depletion of cryptocurrency wallets.
Mandiant’s X account recently fell prey to hackers endorsing a site featuring a crypto drainer. This malicious software focuses on deceiving users into approving harmful transactions, enabling the drainer to pilfer funds from cryptocurrency wallets.
Chaos Unleashed on X’s Verification Model
The hack has sparked debates around X’s verification model since Elon Musk’s takeover. The revamped subscription model now features three types of check marks: blue, grey, and gold. Gold signifies an official organization or company, while the grey badge is reserved for government profiles. Surprisingly, these verified accounts, meant to instill trust, have become prime targets for hackers and valuable assets for cybercriminals.
In a bizarre turn, hackers taking control of these accounts employ tactics like locking out genuine owners, opting for a 30-day gold subscription, and transferring ownership to new individuals. Some sellers even offer the option to include scam accounts as affiliates to verified gold accounts for a fee of $500, providing credibility without undergoing stringent verification procedures enforced by the platform.
In a twist of irony, while X’s verification and subscription system aims to deter impersonation and scams, it inadvertently turns gold and grey badge accounts into attractive targets for cybercriminals. The once-revered verification badge now serves as a mere receipt, no longer guaranteeing authenticity in the evolving landscape of digital security on X.
