Prominent blockchain investigator ZachXBT has shed light on a sophisticated scheme involving compromised social media accounts to promote fraudulent meme coins.
Through a detailed investigation shared on X (Twitter), ZachXBT unveiled how a threat actor, identified as “Serpent,” transitioned from being a professional Fortnite player to doing scams that amounted to over $3.5 million.
These scams spanned multiple platforms, including X and Instagram (IG), with proceeds being funnelled into online casinos.
The History of the Scams
ZachXBT’s investigation connects Serpent to at least nine high-profile account takeovers (ATOs), targeting prominent figures and brands such as McDonald’s, Usher, the owner of Kabosu (the Dogecoin Shiba Inu), Wiz Khalifa, Andy Ayrey, and even Enoshima Aquarium.
The modus operandi involved hacking accounts and using them to promote fraudulent meme coins in pump-and-dump schemes.
For example, on August 21, 2024, McDonald’s IG account was compromised, and a post promoting the bundled meme coin GRIMACE appeared. Following this scam, over $690,000 was consolidated into two wallets, and portions of the stolen funds were later transferred to casino deposit addresses.
Similarly, on November 3, 2024, rapper Wiz Khalifa’s X account was hacked and used to share a wallet address promoting a fraudulent token, targeting the rapper’s 35.7 million followers.
On-Chain Connections
ZachXBT revealed a complex web of transactions connecting the various ATOs. Key addresses used in these scams were linked through direct transactions or obfuscation methods such as instant exchanges.
One example is the deployer addresses for memecoins promoted during the Ken Carson and SPX 6900 ATOs funded each other, indicating a coordinated effort. Also, significant sums, such as $750,000 from the Andy Ayrey ATO, were deposited into casino addresses, highlighting gambling as a potential laundering avenue.
This case underscores the alarming rise of crypto fraud facilitated by social media account hacks. High-profile individuals and brands are particularly vulnerable due to their large followings, which scammers exploit to amplify their schemes.
In this instance, fraudulent memecoins were a preferred tool, capitalizing on their speculative nature and hype-driven market dynamics.
Broader Implications
The detailed investigation by ZachXBT serves as a stark reminder of the vulnerabilities inherent in digital platforms. It also highlights the crucial role blockchain forensics plays in exposing such schemes. While Part 1 of ZachXBT’s report focuses on the on-chain connections, Part 2 is expected to delve deeper into the identities of the threat actors.
This calls for heightened awareness among social media users, stronger account security measures, and continued vigilance by blockchain investigators like ZachXBT.