A crypto-centric media outlet has reported that its official X account suffered a hacking incident aimed at spreading a false story about Ripple and SWIFT nearing an agreement to utilize XRP within global payment frameworks.
The unauthorized message went live on March 21 at 2:05 A.M. UTC, incorrectly proclaiming that Ripple was about to collaborate with SWIFT and that billions of XRP had been set aside in escrow as liquidity provisions.
The post rapidly captured attention and generated excitement within the XRP community, with numerous users believing it to be authentic. To add to the confusion, Bitrue, a well-known pro-XRP cryptocurrency exchange, inadvertently disseminated the false report.
Shortly afterward, the media outlet clarified the situation, emphasizing that the post did not originate from their team.
According to the media outlet:
“Our X account has been breached, and the previous post (now removed) was made by a hacker. We have 2FA activated and have implemented strict measures to prevent hacks.”
Due to automated processes, the same incorrect report was also distributed across the outlet’s other social media platforms, including Telegram, Facebook, and Discord. The team indicated that a reposting bot circulated the content across all channels before the issue was detected.
In the meantime, the outlet mentioned that the hacker had blocked Ripple’s official X account and CEO Brad Garlinghouse’s account to “presumably delay a response to the ‘false report’ from their team.”
This incident marks the second significant security breach of a notable crypto platform on X recently. Earlier this week, another media account was compromised and used to share a fabricated story about Donald Trump’s TRUMP memecoin and a fictitious BlackRock ETF filing for Hyperliquid.
Examining the breach
The media outlet suspects that the breach may have commenced weeks prior, as the team received a dubious X link via Telegram on March 5.
The team noted:
“We observed the link being formatted unusually. It was from an official X Developer staging site utilizing X’s legitimate domain, but it contained a unique path and ‘token’ query string that standard X links typically do not include.”
The outlet reported that they flagged the suspicious link and reached out to X’s Head of Cybersecurity, Christopher Stanley, but did not receive a response.
It continued by stating that while the team cannot confirm the link that led to the hack, they noted that the breach bore similarities to that of the other media outlet mentioned, indicating that both accounts had two-factor authentication enabled, no connected applications, and did not use API tokens for posting false content.
They concluded with:
“At present, we have not established the precise source or method behind the hack. All unauthorized posts have been deleted, and our account is now secure. We are reaching out to X for further details.”
Mentioned in this article
