Famous heavy metal band, Metallica, has been the latest victim of an X account breach. Late Tuesday, hackers used the band’s account to advertise a fraudulent Solana token, $METAL. Although Metallica later recovered the account and deleted the promotional tweets, some users were caught in the scam and lost their SOL tokens.
Also read: Rapper 50 Cent’s Twitter hacked to hype the GUNIT token
Despite being one of the most high-profile X hacks this year, Metallica has yet to release a statement about the incident. Approximately 20 minutes after the posts were put up, $METAL’s market cap rose to over $3 million. After multiple accounts reported the hack, the token’s value plummeted by almost 100%, and its total market cap dropped below $90K.
Hackers suggest collaborations with Ticketmaster and MoonPay on Metallica’s X account
The first post following the hack introduced $METAL as a token on Solana that would change how fans interact with Metallica events and online shopping. It suggested a collaboration with Ticketmaster, promising exclusive discounts on ticket sales. The tweet claimed that fans could get up to 25% discounts if they bought tickets using $METAL.
The tweet highlighted the benefits of the Solana blockchain to $METAL holders. The hackers pointed out the blockchain’s capabilities in streamlining transactions, including buying $METAL, making purchases, earning, and more. Users could also expect widespread adoption of the $METAL token on Solana, they added.
The hackers posted another tweet, suggesting a partnership with MoonPay to help users buy $METAL with credit and debit cards. MoonPay came out soon after to clear the air, insisting it didn’t support the $METAL token.
🚨 MoonPay Safety Alert 🚨
If someone is offering you a $METAL token, they are not the master of puppets – they’re the master of scams! 🎸
Keep your keys safe and ride the lightning responsibly!⚡️ https://t.co/y1j3RkfY0f
— MoonPay 🟣 (@moonpay) June 26, 2024
The hackers used several other tweets to get Metallica’s followers to buy $METAL. One suggested a limited edition Xbox Series X console signed by all Metallica members. More false claims included providing users with staking rewards, custom merchandise, and free concert tickets.
Other high-profile X accounts suffer similar attacks
Rapper Curtis James Jackson, aka 50 Cent, made his followers aware of a similar attack on his X account on June 21. The pump-and-dump scheme targeted his followers to invest in another token called $GUNIT. Similar to what happened in the Metallica case, the token price skyrocketed, and the hackers profited an estimated $300 million during the hack.
Also read: Blockchain security firm warns TON users about phishing attacks
In February this year, Microstrategy’s X account was also hacked, leading to over $400,000 in crypto losses. The hackers claimed the launch of $MSTR, a new Ethereum token backed by Microstrategy’s BTC reserves.
In March, PeckShield, a blockchain security company, reported that Beoble, a web3 chat solutions provider, had its X account breached by phishing hackers. PeckShield requested users not to click on links provided in the post.
Beoble later created a temporary account to confirm the incident and asked its followers not to interact with posts from its official account. Other reports have confirmed that users lost nearly $47 million through the attack.
Cryptopolitan reporting by Collins J. Okoth