Mandiant's X (Twitter) Account Hacked to Promote Crypto Scam

Published: 23/11/2024   Category: security




The hours-long breach — since resolved — directed users to a suspicious website as attackers posing as crypto-wallet service Phantom took over the feed of the Google subsidiary.



The X (Twitter) account of Google's cybersecurity firm Mandiant was restored to its rightful owner Jan. 4 after the account was hacked and used to promote a cryptocurrency scam.
The account-takeover drama played out for several hours on X, as observers tweeted various evidence of Mandiant's account being taken over by attackers posing as Phantom, “a friendly crypto wallet built for DeFi and NFTs,” according to a screenshot of the hacked Mandiant X bio posted by Cyble.
The incident occurred amid growing concerns for the security of high-profile accounts on X, as the platform has a history of being targeted by cybercriminals to post and promote scams that show little sign of stopping.
Though Phantom is a legitimate company — its wallet app is available on both Google's and Apple's app stores — the actors who purported to be the company on Mandiant's account seemed anything but. Once Mandiant's X account was commandeered by attackers around 5:30pm EST on Wednesday, it tweeted a series of promotions directing people to a scam that offered token awards on a website that would verify if their cryptocurrency wallet was eligible.
VX-Underground posted a screenshot of one of the tweets, which announced, “The $PHNTM distribution has officially started. Our snapshot recorded over $250,000 wallets, head over to our website to check if you're eligible to claim.” The tweet then directed people to the suspicious site, claim-phntm.com.
By Thursday, Mandiant's X account again appeared to be in proper working order. Mandiant is a part of Google Cloud; the tech giant completed its acquisition of the firm in September.
“We are aware of the incident that impacted the Mandiant X account and are conducting a thorough investigation. We've since regained control and the account has been restored,” a Mandiant spokesman told Dark Reading.
During the several hours that the account was taken over, Phantom also was aware of the issue and assured users on its own X account that their funds were safe, warning them to be wary of clicking on strange links, according to a screenshot tweeted by MalwareHunterTeam, which also documented the situation on X.
High-profile X accounts are certainly no stranger to takeover by threat actors. In a now notorious event that occurred in July 2020 when the platform was still called Twitter, a number of major accounts — including those of Jeff Bezos, Bill Gates, Barack Obama and even X's current owner Elon Musk — were hacked to promote a Bitcoin scam.
Musk's purchase and rebranding of the platform has indeed come with much criticism and controversy, including growing security concerns that the platform is ripe for cybercriminal activity after Musk cut hundreds of security employees upon taking over X.
In fact, just earlier this week, security firm CloudSEK revealed a “Gold Rush” of cybercriminals taking over verified “Gold” X accounts — or those accounts independently verified as legitimately belonging to a high-profile organization or a celebrity — and selling them on the Dark Web for up to $2,000 each.
The CloudSEK report cited yet another high-profile X account takeover to prove its point—that of Vitalik Buterin, the co-founder of Ethereum, which attackers used to tweet out an offer for purportedly free nonfungible tokens (NFTs) that included an embedded malicious link redirecting users to a fake website designed to drain cryptocurrency from their wallets.
Other security researchers report vulnerabilities on X that appear to remain unpatched. Last month researchers — including Chaofan Shou, a Ph.D. student at the University of California — discovered flaws in the platform that would allow anyone to take over an account, and that were not addressed for weeks by the social media site's team, according to Recorded Future.
“Both vulnerabilities are obvious and easy to find for folks working in security,” Shou, who built what he called on his X feed in a Dec. 12 tweet a “nuclear-weapon-level exploit” for several unfixed vulnerabilities, told Recorded Future News.
CloudSEK earlier this week recommended that high-profile organizations protect themselves on X by monitoring mentions of their respective brands on the site as well as implementing strong password policies. Brute-forcing passwords is a key way that attackers take over X and other online accounts.
