Blockchain gaming giant Animoca Brands revealed that the X account of Yat Siu co-founder and chairman was hacked, promoting a fraudulent token on Solana’s Pump.fun platform.
The attackers impersonated Animoca and falsely announced the launch of a token. Blockchain researcher ZachXBT attributed the hack to a phishing scam that recently targeted more than 15 crypto-focused X accounts and ultimately stole nearly $500,000.
Fraudulent “MOCA” token
Siu’s hacked account shared a link to a fake token called Animoca Brands (MOCA) on the Pump.fun platform, which bore the same name of both the company and its Mocaverse NFT collection. This fraudulent MOCA token was traced back to the same address behind other fraudulent listings, ZachXBT confirmed.
After being promoted by Siu’s account, the token briefly hit a peak value of nearly $37,000, only to fall moments later with a market cap of just $5,735, according to data compiled by Birdeye. Currently, there are only 33 token holders.
ZachXBT previously discovered this sophisticated phishing scheme in which phishing emails masquerading as urgent messages from Team X often cited made-up copyright issues and tricked victims into resetting their account credentials.
The scheme took advantage of the credibility of cryptocurrency-related accounts with large audiences. Most of them had more than 200,000 followers. Accounts affected included Kick, Cursor, The Arena, Brett and Alex Blania. The first attack was on November 26, involving RuneMine, and the most recent took place on December 24, affecting Kick, just before Siu’s.
2FA “Not enough” to secure accounts
Siu explained that the hacker somehow obtained his password and used the account recovery page to bypass 2FA by submitting a request with an unregistered email address. He tested this process and noticed a major security breach: while the system triggered a login notification to the wrong email, the real, registered email didn’t receive any alerts for critical actions like a request of change 2FA.
He said this lack of notification could have prevented the hack. Siu also added that the hacker presented a government-issued ID to avoid further security checks, a tactic he suspects was facilitated by phishing. He urged X to implement stronger notifications, especially for sensitive changes like 2FA modifications, and recommended better verification measures to protect accounts.
Siu also cautioned that 2FA alone is not enough to secure an account and advised maintaining strong password hygiene, as attackers can bypass 2FA once they have access to the password.
SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).
LIMITED OFFER for CryptoPotato readers on Bybit – Use this link to register and open a FREE $500 position with any currency!
Bitcoin 
Ethereum 
Tether 
XRP 
BNB 
Solana 
Dogecoin 
USDC 
Cardano 
Lido Staked Ether 
TRON 
Avalanche 
Sui 
Wrapped stETH 
Toncoin 
Chainlink 
Shiba Inu 
Wrapped Bitcoin 
Stellar 
Hedera 
Polkadot 
WETH 
Bitcoin Cash 
LEO Token 
Uniswap 
Litecoin 
Bitget Token 
Hyperliquid 
Pepe 
Wrapped eETH 
NEAR Protocol 
Ethena USDe 
USDS 
Internet Computer 
Aptos 
Aave 
Mantle 
Cronos 
Render 
POL (ex-MATIC) 
MANTRA 
Ethereum Classic 
Bittensor 
VeChain 
WhiteBIT Coin 
Monero 
Virtuals Protocol 
Artificial Superintelligence Alliance 
Dai 
Tokenize Xchange