Verified New York Post X Account Compromised to Target Crypto Users
Cybercriminals have reportedly hijacked the New York Post’s (NYP) verified X account, using it to send deceptive direct messages aimed at cryptocurrency enthusiasts.
The breach was first highlighted on May 3rd by Alex Katz, founder and CEO of Kerberus, who shared a screenshot showing the compromised account in action. The attackers posed as NYP journalists recruiting guests for a podcast.
“We’re lining up new guests for our podcast and would love to feature you in an upcoming episode,”
— Message sent from the hijacked NYP X account
Scammers Use Social Engineering and Telegram to Bypass Detection
The fraudulent messages were sent as private DMs, avoiding public detection. Victims were then directed to Telegram, where the scam was set up to unfold.
Once the message was sent, users were blocked immediately, making it impossible for them to report or reply on X.
This tactic appears designed to evade detection by NYP staff and to shift victims to a less regulated platform.
Cybersecurity expert and NFT collector Drew, founder of Drew Security, explained that the scam capitalizes on previous user trust by appearing personalized rather than distributing mass spam links.
“What’s interesting about this case is that the scammer gained unauthorized access but used DMs to exploit social trust,”
— Drew (@nft_dreww), May 3, 2025
Scope of Attack Unclear as No Official Response from NYP Yet
The method of compromise remains unknown, and it’s still unclear how many users were targeted through the fake podcast outreach.
Some experts have speculated that attackers might also explore vulnerabilities in communication platforms like Zoom to escalate future attacks, including malware installation.
As of now, the New York Post has not issued an official statement, and Cybernews has contacted the publication for comment.
Experts Urge Caution With Direct Messages from Trusted Accounts
Security professionals are advising users to exercise caution with private messages, especially when asked to switch to a third-party platform like Telegram, even if the source seems legitimate.
“Any account can be compromised. Always verify before continuing communication on another platform,”
— Industry advisory
The incident highlights the ongoing risk of social engineering attacks and the importance of continuous monitoring of official social media channels, particularly for media, enterprise, and cryptocurrency sectors.