New York Post X account hacked to scam users with $100k risk

Hackers gained unauthorised access to the New York Post’s official X account and used it to send scam direct messages to crypto users, according to multiple reports.

The compromised account sent private messages inviting recipients to participate in a podcast and directed them to contact the sender via Telegram.

The scam was first identified on May 3 by Alex Katz, CEO of Kerberus, who shared a screenshot showing a message apparently from journalist Paul Sperry sent through the New York Post’s X account.

Cybersecurity engineer and NFT collector known as “Drew” noted the scammer did not post typical phishing links or wallet drainers but instead messaged users directly and then blocked them to prevent replies.

“After sending the message, the scammer blocks users from replying to prevent the actual New York Post team from being alerted to the compromise,” Drew said.

Donny Clutterbuck from the NFT Bitcoin (CRYPTO:BTC) platform Fomojis also reported being contacted and suggested the breach might have exploited a Zoom audio permission vulnerability.

He explained that clicking to enable audio triggered a pop-up offering to enable WiFi, which he speculated could grant network access to the attacker.

Blockchain investigator ZachXBT compared this incident to a similar hack of The Defiant’s X account weeks earlier that also involved scam direct messages.

This event reflects a broader trend of scammers shifting to direct messaging and video conferencing platforms like Zoom to target crypto users.

In April, Emblem Vault CEO Jake Gallen reported losing $100,000 to a Zoom-based scam after being contacted via X for a fake interview that led to malware installation.

The New York Post’s verified Twitter account has been compromised before, including a 2022 incident involving obscene posts by a rogue employee.