X Becomes Crypto’s Weakest Link as Hackers Hijack Influencers With Sophisticated Phishing
A new phishing campaign is striking at the heart of crypto. X has long been considered the digital town square where developers, traders, and investors exchange ideas and shape narratives, and the platform is now under siege.
Hackers are hijacking the accounts of crypto influencers through advanced phishing attacks that bypass two-factor authentication, turning the very space that fuels innovation into a battlefield for manipulation and deceit.
The attacks in this new phishing scam are advanced enough to bypass two-factor authentication, turning one of the crypto community’s most vital communication hubs into its biggest vulnerability.
Crypto developer Zak Cole was among the first to sound the alarm, warning about the lethality of the phishing scheme:
"Zero detection. Active right now. Full account takeover. Unlike traditional phishing schemes, this attack doesn’t rely on fake login pages or stolen passwords. Instead, it exploits X’s own app authorization system, giving attackers privileged access that slips past 2FA and standard safeguards."
MetaMask security researcher Ohm Shah confirmed that this phishing attack is part of a wider campaign targeting entities both inside and outside the crypto world, as OnlyFans models were also targeted in this scam.
Why Crypto Influencers Are Prime Targets
In crypto, reputation and reach are currency. By taking over the accounts of developers, researchers, and influencers, scammers can instantly weaponize massive audiences, spreading malicious links under the guise of trusted voices. That’s why this campaign feels especially dangerous: it erodes the thin line of trust that keeps crypto’s online ecosystem functioning.
The attack starts with an X direct message containing a link that appears to point to Google Calendar. Clever use of metadata tricks X’s preview system into displaying “calendar.google.com,” even though the actual domain is “x(.)ca-lendar(.)com,” freshly registered to serve the scam.
In Cole's case, he received a phishing link that claimed to be from venture capital giant Andreessen Horowitz, a name designed to disarm suspicion.
Clicking the link triggers a redirect to an X authentication page, where users are prompted to approve an app labeled “Calendar.” A deeper inspection reveals the app name contains Cyrillic lookalikes of “a” and “e,” distinguishing it from the legitimate version.
Once authorized, the malicious app requests sweeping permissions—editing profiles, posting content, following or unfollowing users—essentially handing attackers the keys to the account. Some victims might spot inconsistencies, like a redirect to calendly.com, but for most, the handover is seamless.
Cole’s advice is blunt but effective: check your X “connected apps” and immediately revoke any suspicious “Calendar” authorizations. Because the exploit doesn’t rely on stolen passwords, even savvy users with strong security hygiene remain vulnerable unless they audit their app connections.
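The two tells described above, a link preview that shows a different host than the link opens and an app name that mixes Cyrillic lookalikes into Latin text, can both be checked mechanically. The following is an added example, not code from Cole, MetaMask, or X; the function names, the sample app name, and the placeholder link host are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

def script_of(ch):
    """Rough script label taken from the character's Unicode name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"

def audit_app_name(name):
    """Return (mixed_script, findings) for a connected-app name.

    findings lists every non-Latin letter as (index, char, codepoint, script),
    so a reviewer can see exactly which characters are lookalikes.
    """
    letters = [(i, ch, script_of(ch)) for i, ch in enumerate(name) if ch.isalpha()]
    scripts = {s for _, _, s in letters}
    findings = [(i, ch, f"U+{ord(ch):04X}", s) for i, ch, s in letters if s != "LATIN"]
    return len(scripts) > 1, findings

def preview_mismatch(displayed_host, actual_url):
    """True when the host shown in a link preview is not the host the link opens."""
    actual = (urlsplit(actual_url).hostname or "").lower()
    return actual != displayed_host.strip().lower()

# Constructed sample: "Calendar" with Cyrillic U+0430 and U+0435 swapped in.
SAMPLE_APP_NAME = "C\u0430l\u0435ndar"
# Constructed placeholder host; the preview text is the one quoted in the article.
SAMPLE_PREVIEW = "calendar.google.com"
SAMPLE_LINK = "https://x.calendar-lookalike.example/invite"

if __name__ == "__main__":
    mixed, findings = audit_app_name(SAMPLE_APP_NAME)
    print("mixed-script app name:", mixed)
    for index, ch, codepoint, script in findings:
        print(f"  position {index}: {ch!r} is {script} ({codepoint})")
    print("preview host differs from link host:",
          preview_mismatch(SAMPLE_PREVIEW, SAMPLE_LINK))
```

An app name that renders as plain "Calendar" but reports mixed scripts is a strong reason to revoke the authorization during a connected-apps audit.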
Crypto’s Social Media Dependency Is a Ticking Time Bomb
This campaign highlights an uncomfortable truth—crypto doesn’t collapse when blockchains falter; it collapses when communication channels are compromised. X has become crypto’s town square, but its security loopholes now threaten to undermine the industry itself.
As hackers weaponize everyday platform features like app authorizations, the narrative that “users should have been more careful” no longer holds. Until platforms like X harden their defenses, every influencer, developer, and exchange account is fair game.
The stakes couldn’t be higher: in crypto, one hijacked account isn’t just a personal loss—it can trigger market chaos, drain wallets, and destroy trust in an instant. The question isn’t whether X is crypto’s weakest link—it’s how long the industry can afford to ignore it.