On May 10, 2025, the cryptocurrency media landscape experienced a jarring reminder of how fragile digital trust can be. Cointelegraph, one of the largest and most recognized crypto news outlets in the world, had its official X (formerly Twitter) account compromised in a coordinated phishing and memecoin scam that sent shockwaves through the community.
The Exploit Mechanics
The attack unfolded when unknown threat actors gained unauthorized access to Cointelegraph’s verified X account, which boasts over 2.6 million followers. Once inside, the attackers used the account’s credibility to execute a two-pronged scheme. First, they posted a suspicious token contract address promoting a fraudulent memecoin called TELE, leveraging the outlet’s trusted brand to attract buyers. The post was quickly deleted but not before gaining traction among followers who assumed the endorsement was legitimate.
Simultaneously, the attackers sent direct messages to prominent crypto platform participants and industry figures. These messages claimed that an article had been published involving the recipient’s content, urging them to click a link to review it. The psychological hook preyed on ego and professional curiosity — a classic social engineering tactic that remains devastatingly effective.
The links led to a phishing site that closely mimicked the legitimate Cointelegraph domain using a subtle typo-squatting technique — the fake URL resembled “cointetegraph.com” rather than the authentic domain. Once on the site, victims were prompted to log in using their X credentials. The login page was a complete spoof, designed to harvest usernames, passwords, and potentially even two-factor authentication codes in real time.
Affected Systems
The breach primarily affected Cointelegraph’s social media presence on X, though the downstream impact extended far beyond a single platform. Multiple crypto influencers and industry participants reported receiving the phishing DMs. Blockchain investigator ZachXBT noted that the compromise follows a pattern of recent social engineering attacks via X, showcasing increasing sophistication among attackers.
The attackers reportedly launched the TELE memecoin after sending private messages impersonating Cointelegraph, creating a dual-revenue stream — both harvesting credentials and profiting from the memecoin pump. Community members quickly mobilized to warn others, but not before some users were tricked into purchasing the fraudulent token. The exact losses remain unclear, though the July 2020 Twitter hack — which used a similar high-profile account takeover model — resulted in over $100,000 in losses.
At the time of the attack, Bitcoin traded at approximately $104,696 and Ethereum at $2,582, according to CoinMarketCap data. The broader crypto market remained robust with a total capitalization exceeding $3.4 trillion, making the sector an increasingly attractive target for sophisticated social engineering campaigns.
The Mitigation Strategy
Cointelegraph regained control of its account relatively quickly, suggesting the organization had incident response protocols in place. However, the speed at which the attackers operated — posting fraudulent content, launching a memecoin, and sending targeted phishing messages — demonstrates that even brief compromises can cause significant damage.
The incident underscores the critical importance of hardware-based two-factor authentication for high-profile social media accounts. SMS-based 2FA, which remains common, is vulnerable to SIM-swapping attacks. Security keys such as YubiKey or Titan provide significantly stronger protection against credential theft, even when attackers manage to phish passwords.
Lessons Learned
The Cointelegraph hack is the latest in a troubling series of social media compromises targeting the crypto industry. In the same month, the MicroStrategy X account was hacked to promote an Ethereum phishing scam, and the New York Post account was similarly compromised. These incidents reveal a systemic vulnerability: the crypto industry’s heavy reliance on social media for information dissemination creates a single point of failure that attackers can exploit.
For organizations, the lesson is clear: social media accounts must be treated with the same security rigor as financial infrastructure. This means hardware security keys, dedicated devices for account management, regular access audits, and pre-planned incident response procedures that can be activated within minutes of detecting unauthorized access.
User Action Required
Individual crypto users should take immediate steps to protect themselves from similar attacks. First, never click links in unexpected direct messages, even from accounts you trust — verify through alternative channels first. Second, always verify cryptocurrency token contract addresses through official project websites or trusted explorers like Etherscan before making any purchases. Third, enable hardware-based two-factor authentication on all social media accounts. Finally, consider using a password manager with unique passwords for each platform to limit the blast radius of any single credential compromise.
The crypto industry’s continued growth — with Bitcoin above $104,000 and institutional adoption accelerating — will only attract more sophisticated attackers. Vigilance, education, and robust security practices remain the strongest defenses against these evolving threats.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making any investment decisions.
The DM phishing vector is what makes these attacks spread. Compromise one account, DM industry figures who trust the brand, chain compromise. The TELE token was just the exit liquidity.
Man, this is getting out of hand. If even Cointelegraph can’t keep their socials secure, what hope is there for the average retail investor? We really need better 2FA standards across these platforms because these phishing scams are becoming way too sophisticated for most people to spot.
hardware 2fa costs $50 and would have stopped this. the ROI on a single yubikey vs losing your entire brand credibility is the easiest math ever
hardware based auth for corporate social media should be mandatory at this point. yubikeys cost $50 and would have prevented this entire attack chain
Lmao another day another hack in the wild west of crypto. I saw the memecoin post and knew immediately it was a rug just by the formatting. Stay safe out there folks and never click links on X unless you’ve verified them through multiple channels first. Total rookie mistake by the CT social team.
the formatting tell is real. legit project announcements have a specific structure and tone. anything slightly off with links or token contracts is an instant block
the TELE token contract address was posted from a 2.6M follower account. within minutes it had liquidity and volume. the speed of these rug pulls is what makes them so effective
the speed is the scary part. within minutes a fake token had real liquidity and real buyers. 2.6M followers is essentially a money printer for scammers
The technical execution of these account takeovers is evolving rapidly. It’s no longer just simple password guessing; we’re seeing advanced session hijacking and SIM swapping targeting high-profile industry accounts. This incident highlights why the crypto community needs to move toward hardware-based authentication for all corporate social media presence.
a media outlet with 2.6M followers got hacked and the entire scam lasted maybe 30 minutes. in crypto that is enough time to drain millions. trust is fragile