Skip links

X-ploited: Mandiant restores hijacked Twitter account after attempted crypto heist

Miscreants took over security giant Mandiant’s Twitter account for several hours on Wednesday in an attempt to steal cryptocurrency, then trolled the Google-owned security shop, telling its admins to change the password.

“We are aware of the incident that impacted the Mandiant X account and are conducting a thorough investigation,” a spokesperson told The Register. “We’ve since regained control and the account has been restored.”

But before this happened, the account had been renamed “@phantomsolw,” spoofing the legitimate Phantom crypto wallet service. They then encouraged people to visit a phony website, pledging to distribute free $PHNTM tokens, which, of course, was a scam.

It’s unclear if anyone lost any coins via the attempted theft.

Later, as Mandiant worked to restore its social media account, the fraudsters taunted the threat hunters to “change password please” and “check bookmarks when you get account back.”

Mandiant isn’t the first well-known organization or individual to have its account hijacked. Who can forget the 2020 takeovers of accounts belonging to Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates, former US president Barack Obama, and Tesla CEO Elon Musk (before he bought the site) to promote a Bitcoin scam?

In September 2023 Ethereum co-founder Vitalik Buterin, who has expressed opinions about the Musk-owned platform, had his X account hacked with his followers losing $691,000 in digital assets.

Still, it’s not a good look for what is arguably the leading threat intelligence and incident response firm that Google bought for $5.4 billion in March 2022.

It does, however, seem very on-brand for the beleaguered microblogging platform that has been in a chaotic spiral, losing credibility and bleeding cash since Musk took over in April 2022.

The Register asked X to comment and received the auto-generated “Busy now, please check back later” response, which the website now uses instead of the poop emoji reply to any press emails.

Mandiant’s short-lived compromise comes as another security firm, CloudSEK, warns of a “surge” in criminals taking over and then selling X “Gold” accounts [PDF] for as much as $2,500.

“A hacked or compromised Twitter account can be exploited to mass spread phishing campaigns,” the infosec outfit notes. “This, in turn, damages the reputation and brand of the company whose account was compromised, clearly displaying a lack of stringent security policies and a weak incident response plan.” ®