The cryptocurrency space faced yet another high-profile social engineering attack on December 14, 2024, when Canadian rap icon Drake had his official X account compromised to promote a fraudulent Solana-based meme coin called Anita. The incident, first reported by blockchain investigator ZachXBT, underscores a persistent and escalating vulnerability in the crypto ecosystem: the weaponization of celebrity influence to execute rug-pull scams on unsuspecting retail investors.
The Exploit Mechanics
The attack followed a well-documented playbook. Once the hackers gained control of Drake’s X account, which boasts tens of millions of followers, they posted messages claiming that a new token called Anita had been created in partnership with Stake, the gambling platform with which Drake has a well-known sponsorship deal. The fraudulent posts included a Solana contract address and a character image designed to lend credibility to the project. The hackers exploited the trust that Drake’s followers place in his endorsement, leveraging the genuine connection between the rapper and Stake to make the scam appear authentic.
Within minutes, the project’s purported official X account was created and quickly suspended by platform moderators. The fraudulent posts on Drake’s account were also removed, but not before they had been viewed by potentially millions of users. The speed at which the scam unfolded and was countered highlights both the efficiency of the attackers and the reactive nature of social platform security teams.
Affected Systems
The primary vector in this attack was not a blockchain vulnerability but a social media account takeover. Drake’s X account, a centralized Web2 asset, became the distribution mechanism for a Web3 scam. The Anita token itself was deployed on the Solana blockchain, taking advantage of Solana’s low transaction fees and fast confirmation times, which make it an attractive network for both legitimate meme coins and fraudulent tokens. The scam relied on the centralized trust infrastructure of social media platforms and the decentralized, permissionless nature of token creation on Solana.
This dual-layer attack surface presents a significant challenge. Social media platforms control account access through password-based authentication, two-factor authentication, and session management. When any of these controls fail, the attacker gains access to a megaphone capable of influencing market behavior in real time. Meanwhile, decentralized exchanges on Solana allow anyone to create and list a token within minutes, with no vetting process.
The Mitigation Strategy
Addressing celebrity account compromise scams requires action on multiple fronts. For high-profile individuals and their management teams, implementing hardware-based two-factor authentication, regularly auditing connected third-party applications, and using dedicated devices for social media access are essential precautions. Platform-level solutions include X’s ongoing efforts to improve account recovery mechanisms and detect anomalous posting behavior, particularly when posts contain cryptocurrency contract addresses.
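The platform-side check mentioned above, flagging posts that carry a cryptocurrency contract address when the account has no history of posting one, can be sketched as follows. This is an added example, not X's detection logic or code from any party named in the article; the function names, the keyword list, the two-reason hold threshold and the sample posts are assumptions made for illustration.

```python
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Base58 runs of address-like length that are not part of a longer alphanumeric run.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9])[1-9A-HJ-NP-Za-km-z]{32,44}(?![A-Za-z0-9])")
PROMO_WORDS = ("token", "coin", "launch", "partnership", "contract", "ca:")  # assumed list

def b58decode(s):
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def solana_addresses(text):
    """Keep only candidates that decode to 32 bytes, the size of a Solana public key."""
    return [c for c in CANDIDATE.findall(text) if len(b58decode(c)) == 32]

def review_post(text, history):
    """Decide whether a new post should be held for review, given the account's prior posts."""
    addrs = solana_addresses(text)
    reasons = []
    if addrs:
        reasons.append("contains a Solana-format address")
        if not any(solana_addresses(p) for p in history):
            reasons.append("account has never posted an address before")
        if any(w in text.lower() for w in PROMO_WORDS):
            reasons.append("promotional wording next to the address")
    return {"hold": len(reasons) >= 2, "addresses": addrs, "reasons": reasons}

# Constructed sample data: the address is the encoding of bytes 1..32, not a real token.
SAMPLE_ADDR = b58encode(bytes(range(1, 33)))
HISTORY = ["New album out Friday", "Tour dates announced", "Thanks Toronto"]
SUSPECT = f"Anita token launched in partnership with Stake. CA: {SAMPLE_ADDR}"

if __name__ == "__main__":
    print(review_post(SUSPECT, HISTORY))
    print(review_post("commit " + "a" * 40, HISTORY))  # base58-looking but not 32 bytes
```

Decoding each candidate and requiring exactly 32 bytes is what keeps ordinary long strings, such as a 40-character commit hash, from being treated as addresses.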
On the blockchain side, decentralized exchanges are beginning to implement token verification systems that flag newly created tokens associated with suspicious wallet activity. Community-driven tools like ZachXBT’s investigative work and token scanning services such as RugCheck provide additional layers of defense by rapidly identifying and publicizing scam tokens. With Bitcoin trading at approximately $101,373 and Ethereum at $3,868 on this date, the crypto market’s total capitalization near $3.7 trillion makes it an increasingly attractive target for social engineering attacks.
Lessons Learned
The Drake X account hack is part of a broader pattern of celebrity account compromises used to promote fraudulent crypto tokens. Previous incidents have targeted accounts belonging to politicians, athletes, and tech executives. The consistent lesson is that no individual or organization is immune to account takeover attacks, and the financial consequences for followers who act on fraudulent endorsements can be devastating.
The crypto community must internalize a fundamental principle: celebrity social media posts promoting tokens should never be taken at face value. Investors should always verify token legitimacy through official project websites, audit reports, and community channels before committing funds. The speed at which the Anita scam was deployed and promoted demonstrates that the window for due diligence is often measured in minutes, not hours.
User Action Required
If you encountered the Anita token promotion on December 14, 2024, and are concerned about potential exposure, take the following steps immediately. First, do not interact with any contract address shared through Drake’s compromised posts. Second, if you already purchased the Anita token, avoid selling through any links provided in the fraudulent posts, as these may lead to phishing sites designed to steal wallet credentials. Third, revoke any token approvals you may have granted to unknown decentralized applications. Finally, monitor your wallet activity using blockchain explorers and report any suspicious transactions to relevant authorities and community watchdogs.
at this point if you buy a token because a celebrity tweeted the contract address you deserve to get rekt. zero sympathy
easy to say from behind a keyboard. Drake has millions of followers who know nothing about crypto and genuinely trust his endorsements
agree with Lena. Drake has no crypto expertise and neither do his followers. blaming victims for trusting a verified account misses the point entirely
moonboi2 Drake has 40M+ followers, most of them teenagers who have never touched crypto. telling them they deserve to lose money is a wild take
the Stake connection is what made it believable tbh. same playbook as the hacksaw rug last month, leverage a real partnership
X needs mandatory hardware 2FA for verified accounts with over 1M followers. This keeps happening and the platform does nothing.
CryptoKenji hardware 2FA should be mandatory for any account over 100k followers. the SIM swap and social engineering playbook is too well known at this point
using the real Stake partnership as the hook was the genius move. most fake celeb tokens have zero connection to anything real. this one had context
celeb_rugs the Stake partnership angle is what separates this from the random celeb rugs. actual context makes the social engineering 10x more effective
the Anita token was pumped and dumped in under 3 hours. these crews have the playbook down to a science at this point