
Mandiant’s X account was hacked to promote a crypto scam


The X account of Google-owned cybersecurity firm Mandiant was hacked by unknown threat actors and used to deliver cryptocurrency scam tweets to its 122.5K followers.

The hackers changed Mandiant's X username to @phantomsolw and started publishing tweets luring victims to a fake Phantom crypto and NFT wallet website masquerading as the legitimate one.

Acknowledging the breach, a Mandiant spokesperson assured the public that the company is actively working to rectify the situation. “We are aware of the incident impacting the Mandiant X account and are working to resolve the issue,” a Mandiant spokesperson told BleepingComputer.

The malevolent actors behind the attack exploited the compromised account to entice X users with the allure of free $PHNTM tokens through a deceitful airdrop. Individuals clicking the ‘Claim Airdrop’ button without the Phantom wallet installed were directed to a legitimate site, coercing them to install the wallet.

Once installed, the fraudulent website tried to siphon funds from victims’ cryptocurrency wallets.

It seems that Mandiant has successfully recovered their account and X username.

However, the Phantom Wallet intervened, flagging the dubious website as malicious and unsafe, subsequently disabling interaction with it to shield users and their assets.

After deleting the initial scam tweet, the attackers opted to taunt Mandiant by advising them to “change password” and suggesting they “check bookmarks” upon regaining control of their account.

At the time of writing, all the scam tweets had been removed, and Mandiant had regained control of the account. Their X username has also been recovered and is now @Mandiant.

Cybersecurity analysts have also questioned Mandiant’s measures to protect its social media accounts. Some also blame Elon Musk-owned X for the hack. Cybersecurity researcher Chaofan Shou discovered that X was vulnerable to XSS attacks in which clicking on a malicious link lets attackers take over the victim's account.

Chaofan reported this to the social media platform, but the problem seems to persist as of now.


Kumar Hemant


Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
