
Mandiant X/Twitter hacker linked to $900K cryptocurrency phishing scheme


Mandiant, a Google-owned cybersecurity company, says a “brute force password attack” likely caused the takeover of its X (formerly known as Twitter) account last week.

The account hijacking was part of a cryptocurrency phishing campaign linked to a drainer-as-a-service (DaaS) offering Mandiant calls CLINKSINK, according to a blog post detailing the company’s investigation.

An estimated $900,000 or more in Solana (SOL) cryptocurrency has been stolen in recent campaigns by 35 CLINKSINK affiliates identified in the Mandiant probe. These affiliates typically share about 20% of the stolen crypto with the DaaS operator, who raked in more than $180,000 in SOL since New Year’s Eve, according to the blog post.

Meanwhile, Mandiant is facing scrutiny after admitting that “some team transitions and a change in X’s 2FA policy” resulted in the security lapse that led to the hijacking.

Mandiant is one of several well-known organizations caught up in a recent string of X account hijackings, which most recently hit the U.S. Securities and Exchange Commission (SEC) in an incident that briefly shook up the Bitcoin market. 


Mandiant’s X/Twitter hack explanation, 2FA lapse questioned by critics

Mandiant noted in its blog post that no Mandiant or Google Cloud systems, other than its X account, were compromised in the hours-long incident on Jan. 3.

Referring to a likely “brute force” attack, the company’s statements published on X Wednesday afternoon seem to imply an attacker targeted the social media account by trying multiple passwords until they successfully logged in.

In replies to Mandiant’s post, some critics noted that this explanation was questionable due to X’s policy of temporarily locking accounts after a “limited number of failed attempts” to log in.

“Not possible due to rate limitation except if the password was 123Password,” one user commented.

The exact number of failed attempts needed to trigger this measure is not provided by X, so SC Media tested the login feature on a personal X account. We received a notice that the account was locked on the sixth attempt to log in with the wrong password.


No alerts about the failed login attempts were sent to the email address linked to the account, and we were also able to access the account, during the temporary lockout period, using the option to sign in with Google/Gmail.
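The two signals missing in that test, a notification when the lock triggers and a flag when a sign-in succeeds through another method while the lock is active, can be derived from authentication events. The sketch below is an added example, not code from X, Mandiant or SC Media; the event format, account names, the one-hour lock duration and the `review_auth_events` helper are assumptions, and the threshold mirrors the lock seen on the sixth wrong password.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real platform logs:
# (ISO time, account, sign-in method, outcome)
EVENTS = [("2024-01-10T10:00:%02d" % s, "brand_account", "password", "fail")
          for s in range(0, 60, 10)]            # six wrong passwords in a row
EVENTS += [
    ("2024-01-10T10:02:00", "staff_account", "password", "fail"),
    ("2024-01-10T10:02:30", "staff_account", "password", "ok"),
    ("2024-01-10T10:05:00", "brand_account", "sso", "ok"),
]


def review_auth_events(events, max_failures=5, lock_for=timedelta(hours=1)):
    """Return (time, account, finding) tuples an account owner should be told about.

    max_failures=5 means the sixth consecutive failure triggers the lock.
    lock_for is an assumed duration; the page does not state one.
    """
    failures = defaultdict(int)   # consecutive failed sign-ins per account
    locked_until = {}             # account -> time the lock expires
    findings = []
    for ts, account, method, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        locked = now < locked_until.get(account, datetime.min)
        if outcome == "fail":
            failures[account] += 1
            if failures[account] > max_failures and not locked:
                locked_until[account] = now + lock_for
                findings.append((ts, account, "locked"))
        elif locked:
            # A success while the lock is active means some sign-in path
            # is not covered by the lock, whatever the method was.
            findings.append((ts, account, "login-during-lock:" + method))
        else:
            failures[account] = 0  # normal success clears the counter
    return findings


if __name__ == "__main__":
    for finding in review_auth_events(EVENTS):
        print(finding)
```
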

Mandiant did not elaborate on the two-factor authentication (2FA) policy change that contributed to the breach, but this likely refers to X’s removal of the SMS 2FA option for non-Premium subscribers on March 20, 2023.

If this is the case, Mandiant’s account likely had no 2FA protection when it was compromised. X users can still use the authentication app or security key methods of 2FA for free.

“We’ve made changes to our process to ensure this doesn’t happen again,” Mandiant said in its statement.

A Google spokesperson declined to provide additional details about the incident to SC Media.


CLINKSINK affiliates impersonate legitimate crypto sites to drain wallets

After compromising Mandiant’s X account, which has more than 123,000 followers, the hijacker changed the account handle to @phantomsolw, impersonating the legitimate Phantom crypto wallet.

In a post on the hacked account, the CLINKSINK affiliate promoted a supposed opportunity to claim free $PHNTM tokens by clicking a link. Upon clicking the link, users would be urged to connect their Solana wallet and sign a transaction to claim the promotional token airdrop.

The JavaScript-based CLINKSINK drainer linked to the phishing site performs checks to verify that victims have the Phantom Desktop Wallet installed and is capable of surveying connected Solana wallets to check details, including balances. CLINKSINK is also set up to split the drained funds between the affiliate and operator accounts, usually at a ratio of 80% and 20%, respectively.

In the case of the Mandiant hijacking, the phishing scheme failed due to Phantom recognizing the site as malicious and blocking users from connecting their wallets, BleepingComputer reported.

The hijacker later deleted the phishing tweet and resorted to using the Mandiant account to mock the company with messages like “Check bookmarks when you get your account back.”  


Mandiant identified other legitimate crypto utilities like DappRadar and BONK being used in related CLINKSINK campaigns across social media platforms, including X and Discord.

CertiK, Netgear and Hyundai Middle East & Africa (MEA) have also had their X accounts hacked in cryptocurrency-draining schemes this year, but there is no confirmation that these incidents were also linked to CLINKSINK.


Zcash Price Climbs 13% in a Week as Network Preps Ironwood Upgrade


The upgrade traces back to a discovery on May 29. Security researcher Taylor Hornby, working under contract for Shielded Labs, found a soundness flaw inside the Orchard shielded pool’s elliptic curve code. The bug lived in a piece of the halo2_gadgets crate handling point multiplication. A prover could swap in the wrong base point and still get the circuit to accept an invalid proof.

That flaw mattered because Orchard hides sender, receiver and amount by design. A counterfeit note created inside the pool would look identical to a real one. The bug had sat in the code since Orchard went live in May 2022 as part of the NU5 upgrade.

Rapid Patch, No Confirmed Losses

Zcash’s core engineers, including Daira-Emma Hopwood, Kris Nuttycombe and Jack Grigg, confirmed the issue within hours of Hornby’s report. A soft fork disabled new Orchard actions around June 1 to contain exposure. A hard fork, NU6.2, followed on June 3 with a corrected verifying key, restoring full Orchard functionality.

Orchard transactions paused for roughly a day during the rollout. Transparent and Sapling transfers kept running the whole time. Zcash Open Development Lab and Shielded Labs both say they found no evidence that the bug was ever exploited, and the network’s turnstile accounting, which tracks value entering and leaving each pool, showed no signs of unauthorized minting.

There’s a catch developers can’t patch away. Orchard’s privacy means nobody can prove a negative. No cryptographic method exists to confirm counterfeiting never happened, only that it probably didn’t.

Ironwood Closes the Gap

Announced June 6, Ironwood is the fix for that remaining uncertainty. It ships as NU6.3 and was built by ZODL alongside Tachyon, Valar Group, the Zcash Foundation and Shielded Labs.


The upgrade opens a new Ironwood shielded pool built on the patched Orchard circuit, now backed by ongoing formal verification and added independent audits. At the same time, the old Orchard pool gets sealed. Wallets will block new deposits into it, internal transfers between users inside the pool get disabled, and funds can only leave through the turnstile toward Ironwood or a transparent address.

That sealing is the actual fix. Once the legacy pool stops taking new value and stops circulating internally, any theoretical counterfeit notes get boxed in. Anyone running a full node can then add up balances across the active pools and confirm the total supply lines up with what the protocol allows, without waiting on developer assurances or a full migration.
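A simplified model of the turnstile accounting and sealed-pool rule described above shows why counterfeit notes are boxed in: value leaving a pool can never exceed the balance the chain has recorded for it. This is an added example, not code from zcashd, Zebra or any Zcash project; the transaction representation, the amounts and the `apply_tx`, `run` and `audit` helpers are assumptions, and fees and new issuance are ignored.

```python
class TurnstileError(ValueError):
    """Raised when a transaction breaks a pool-accounting rule."""


def apply_tx(balances, tx, sealed=frozenset({"orchard"})):
    """Return new pool balances after tx, or raise TurnstileError.

    tx maps pool name -> value delta (positive enters the pool, negative leaves).
    """
    if sum(tx.values()) != 0:
        raise TurnstileError("value not conserved across pools")
    new = dict(balances)
    for pool, delta in tx.items():
        if pool in sealed and delta > 0:
            raise TurnstileError("deposit into sealed pool " + pool)
        new[pool] = new.get(pool, 0) + delta
        if new[pool] < 0:
            # More value is leaving than was ever recorded entering the pool.
            raise TurnstileError(pool + " balance would go negative")
    return new


def run(balances, txs):
    """Apply txs in order; return (final balances, [(index, reason rejected)])."""
    rejected = []
    for i, tx in enumerate(txs):
        try:
            balances = apply_tx(balances, tx)
        except TurnstileError as err:
            rejected.append((i, str(err)))
    return balances, rejected


def audit(balances, issued):
    """Supply check a node can run: pool balances must add up to issued supply."""
    return sum(balances.values()) == issued


# Constructed numbers for illustration only.
START = {"transparent": 500, "sapling": 200, "orchard": 100, "ironwood": 0}
TXS = [
    {"orchard": -60, "ironwood": 60},     # migration out of the sealed pool
    {"transparent": -10, "orchard": 10},  # new deposit into the sealed pool
    {"orchard": -50, "ironwood": 50},     # tries to exit more than the 40 left
    {"orchard": -40, "transparent": 40},  # exits the remaining recorded value
]

if __name__ == "__main__":
    final, rejected = run(START, TXS)
    print(final, rejected, audit(final, 800))
```
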

Ironwood also carries ZIP 2005, a set of note format changes meant to support recovery in a future quantum computing scenario. It doesn’t make Zcash quantum-secure today, but it lays the groundwork for a smoother transition later.

Timeline and What Users Need to Do

Testnet activation for Ironwood landed around July 3 and 4. Zebra, the Rust client maintained by the Zcash Foundation, and Valar Group’s independent implementation are both running release candidates against it.

Mainnet activation is targeted for around July 21, tied to a zcashd end-of-support block. Developers say hashrate signaling looks ready, and existing testnet time gives wallets enough runway, so a delay isn’t currently on the table.


Node operators on older zcashd builds will need to move to Zebra or an updated client before that date. Wallets are expected to prompt users to migrate shielded funds out of the old Orchard pool with minimal friction, often a single approval.

Market Response

ZEC’s price tells its own story of the past six weeks. The token fell more than 50% from around $630 down to the $250 to $300 range once the vulnerability became public, then rebounded sharply once the patch and Ironwood plan landed.

As of July 4, ZEC trades at $462.33, up 13.3% over the past seven days, even after a flat 24-hour session. Zooming out, the coin is up more than 1,000% over the past year, a stretch that includes both a run to a 52-week high near $744 in November 2025 and the Orchard scare in late May.

Investor Chamath Palihapitiya has publicly flagged Ironwood’s supply verification model as a meaningful step for the coin, adding outside attention to what started as a bug fix.


For now, the work left is coordination. Formal verification results are due before mainnet, and wallet, exchange, and infrastructure providers still need to ship updated support in the next two and a half weeks.


Trump made money off his meme coin, did its investors?


US President Donald Trump has made $US1.4 billion ($2b) from cryptocurrency in the past 12 months.

$US635 million came from celebration coins royalties and $US236m came from cryptocurrency “token sales”, while the rest of his income came from assorted cryptocurrency wallets.

His celebration coin income is linked to meme coins he launched before returning to office, namely $TRUMP.

But what are meme coins and has anyone other than the Trump family profited? 

Meme coins

Cryptocurrencies are a type of digital asset, not unlike a stock, which can be used as an exchangeable form of money online. 

Much like paper currencies since the gold standard was ended, crypto has value because investors collectively agree it does, in part due to its security and scarcity. 


Meme coins on the other hand are a bit harder to pin down. 

“Meme coins are cryptocurrencies that leverage popular memes or internet trends to create a community-driven, often playful approach to digital currency,” according to crypto broker Blockchain.com.

Meme coins have no inherent value and, unlike Bitcoin, have varying limits of scarcity, rendering the price of any coin vulnerable to the rise and fall in popularity of whatever meme or trend inspired the item. 

As an example Hailey Welch, an American woman, launched her own brand of meme coin after she rose to internet fame in June 2024. 


The $HAWK coin released in December 2024 reached a market capitalisation of $500m before it crashed to $25m by late January. 

Investors have since sued $HAWK.

The $TRUMP coin

The $TRUMP coin is valued at $US1.65 as of July 1, 2026. (Supplied: GetTrumpMemes.com)

Mr Trump’s own meme coin $TRUMP launched days before his second inauguration, also in January 2025. 

At its peak it sold for almost $US75 a coin, but by the end of February its value had plummeted to about $US20 and as of July 1, 2026 its value sits at $US1.65.


This is where the bulk of Mr Trump’s $US635m in royalties and $US236m in token sales are believed to have come from.

In April 2026, Democratic Senator for California Adam Schiff said he and other senators would be investigating a Mar-a-Lago conference which invited the top 297 $TRUMP token holders to attend and offered VIP access to Mr Trump. 

In a statement he said CIC Digital and Fight Fight Fight LLC, which controlled 80 per cent of $TRUMP supply, received trading revenue from all $TRUMP activity. 

“The announcement of the conference ‘set off a quick but brief run-up in the price of the $TRUMP meme coin, which reached $3.08 before tumbling back down,’” the senators highlighted. 


President Trump financially benefits from the market value and activity of the $TRUMP cryptocurrency.

Mr Schiff and his fellow senators asserted “not all” investors of $TRUMP and the similarly branded first lady’s meme coin, $MELANIA, benefited from their investment.

“According to recent reports, $TRUMP, and the First Lady’s meme coin, $MELANIA, ‘erased an estimated $4.3 billion in retail wealth,’” they said.

“Insiders, however, reportedly made a fortune: 45 ‘early-deployment wallets’ earned $1.2 billion off the meme coins, meaning that for every dollar insiders earned, retail investors lost $20.”

World Liberty Financial, another Trump family-linked business which distributed Mr Trump’s royalty and token sale revenue, provided him with an additional $65m in income.

Eric Trump and Donald Trump Jr are involved in its management and it was co-founded by Zach Witkoff, the son of Mr Trump’s special envoy to the Middle East Steve Witkoff.


Donald Trump Jr and Eric Trump with Zach Witkoff. (Reuters: Eduardo Munoz)

Mr Trump’s $236m in token sale revenue is a marked leap in profits collected compared to Mr Trump’s 2025 disclosure which only reported $US57m from token sales. 

World Liberty Financial launched another cryptocurrency in May 2025 called USD1.

USD1 rose to US$1.016 after launch and is now valued at $US0.99.

It was also used to pay bonuses to UFC fighters performing at the White House in June. 

On July 1, after his disclosure came out, Mr Trump said his wealth was the result of the US stock market’s success. 

“You know why I’m profiting? Because the stock market’s going up, everybody’s profiting,” Mr Trump said, according to Reuters.


OKX Announces Direct Crypto Aid for Venezuelans Hit by Devastating Twin Earthquakes


OKX Opens Airdrop for Venezuelan Earthquake Victims

OKX, one of the largest cryptocurrency exchanges by volume, has taken action to help Venezuelan users affected by the twin earthquakes that left over 2,000 dead and hundreds of buildings collapsed.

On social media, using its Latam account, OKX referred to the twin earthquakes that hit Venezuela on June 24, 2026, and how the cryptocurrency community has responded to this event in one of the Latam countries with growing crypto adoption.

“We know that these days have been difficult. But we have also seen something extraordinary: the solidarity of Venezuela and the entire international community, which fills us with hope,” it declared.

To help Venezuelan users in regions hit by the natural disaster, OKX announced it will distribute 20 USDT to each user with proof of address (POA) verifying they reside in La Guaira, the state most affected by the twin earthquakes.

While OKX did not disclose the total funds available for this initiative, it pointed out that support was limited and would be distributed on a “first-come, first-served” basis.


The funds will be automatically credited to the accounts that fulfill the POA requirement. “No registration, claim code, or qualifying transaction is required; the 20 USDT reward is automatically credited once eligibility is confirmed,” the exchange explained.

“We know that the road ahead will require effort, help, and support from everyone for a long time. But you will not walk it alone. We are one region, and we will be with you on this journey. We stand with you, Venezuela.” OKX concluded.

OKX’s relief efforts follow a similar campaign by Binance. The most popular exchange in Venezuela pledged $3 million to users residing in La Guaira, Distrito Capital, Miranda, Aragua, Carabobo, Falcón, and Yaracuy, offering a similar path for users to reclaim 20 USDT via redeemable vouchers.
