New York Post X Account Hacked and Hijacked in Targeted Crypto Scam

Hackers hijacked the New York Post’s verified X account to target crypto users via direct messages, redirecting victims to a Telegram-based scam under false pretenses.
New York Post X Account Hacked and Hijacked in Targeted Crypto Scam
Table of Contents
    Add a header to begin generating the table of contents

    Verified New York Post X Account Compromised to Target Crypto Users

    Cybercriminals have reportedly hijacked the New York Post’s (NYP) verified X account, using it to send deceptive direct messages aimed at cryptocurrency enthusiasts.

    The breach was first highlighted on May 3rd by Alex Katz, founder and CEO of Kerberus, who shared a screenshot showing the compromised account in action. The attackers posed as NYP journalists recruiting guests for a podcast.

    “We’re lining up new guests for our podcast and would love to feature you in an upcoming episode,”
    — Message sent from the hijacked NYP X account


    Scammers Use Social Engineering and Telegram to Bypass Detection

    The fraudulent messages were sent as private DMs, avoiding public detection. Victims were then directed to Telegram, where the scam was set up to unfold.
    Once the message was sent, users were blocked immediately, making it impossible for them to report or reply on X.

    This tactic appears designed to evade detection by NYP staff and to shift victims to a less regulated platform.

    Cybersecurity expert and NFT collector Drew, founder of Drew Security, explained that the scam capitalizes on previous user trust by appearing personalized rather than distributing mass spam links.

    “What’s interesting about this case is that the scammer gained unauthorized access but used DMs to exploit social trust,”
    Drew (@nft_dreww), May 3, 2025


    Scope of Attack Unclear as No Official Response from NYP Yet

    The method of compromise remains unknown, and it’s still unclear how many users were targeted through the fake podcast outreach.

    Some experts have speculated that attackers might also explore vulnerabilities in communication platforms like Zoom to escalate future attacks, including malware installation.

    As of now, the New York Post has not issued an official statement, and Cybernews has contacted the publication for comment.


    Experts Urge Caution With Direct Messages from Trusted Accounts

    Security professionals are advising users to exercise caution with private messages, especially when asked to switch to a third-party platform like Telegram, even if the source seems legitimate.

    “Any account can be compromised. Always verify before continuing communication on another platform,”
    — Industry advisory

    The incident highlights the ongoing risk of social engineering attacks and the importance of continuous monitoring of official social media channels, particularly for media, enterprise, and cryptocurrency sectors.

    Related Posts