💻 Bitcoin Accounts Targeted via Phishing, Says Yuga Labs
A new phishing campaign is targeting the X accounts of crypto influencers. Attackers bypass 2FA, gaining full control of user accounts.
Crypto developer Zak Cole warns the attack exploits X’s own tools to hijack accounts.
“Zero detection. Active right now. Full account takeover,” Cole said.
Unlike traditional phishing scams, this attack does not use a fake page to steal credentials. Instead, it manipulates the application authorization system of X.
MetaMask security expert Ohm Shah confirmed seeing the campaign “in the wild,” indicating multiple high-profile accounts are targeted.
⚙️ How the Phishing Campaign Works
The phishing begins with a message containing a link resembling a Google Calendar redirect, but it actually points to a fake URL: x(.)ca-lendar(.)com. X previews metadata, making the link look legitimate.
“Your brain sees Google Calendar. The URL is different,” Cole explained.
Clicking the link directs the user to an X authentication endpoint requesting app authorization for a calendar app. The app name uses subtle Cyrillic characters, technically differing from the genuine “Calendar” app in X’s system.
Also Read : Bank of Canada Calls to Regulate Stablecoins to Keep Canada a Leader in Payments
⚠️ Warning Signs to Watch
The phishing app requests unnecessary permissions, such as:
- Following or unfollowing accounts
- Updating profiles and account settings
- Creating and deleting posts
- Engaging with other users’ posts
These permissions indicate attackers can gain full control of compromised accounts.
Additionally, once authorized, users are redirected to Calendly instead of Google Calendar, signaling a scam.
✅ How to Protect Yourself
Zak Cole recommends:
- Reviewing your X connected apps page
- Revoking suspicious applications, especially those named “Calendar”
- Ensuring no unauthorized apps have access to your account
This attack highlights the increasing sophistication of phishing tactics targeting top crypto personalities. Vigilance with app permissions is crucial to safeguarding accounts.
