A new scam is sweeping through the Solana ecosystem, exploiting the IFTTT service to target prominent individuals’ social media accounts. The fraudulent scheme involves misleading posts that urge followers to invest in a non-existent meme token called PACKY, directing them to send funds to a specific wallet address.
High-Profile Figures Warn Followers of Scam
The series of scam posts originated when the social media accounts of influential figures, including a16z advisor Packy McCormick, Coinbase product director Scott Shapiro, and Twitch co-founder Justin Kan, were manipulated to promote the counterfeit token. McCormick quickly alerted his followers that his account had been breached due to a decade-old permission granted to IFTTT, cautioning against engaging with any suspicious links or sending money to unknown addresses. Similarly, Shapiro emphasized the dangers of lingering third-party app connections, reflecting on the extensive list of outdated authorization tokens that pose security threats.
IFTTT, a web service active since 2011, facilitates automated tasks between diverse internet applications. The service’s vulnerability was highlighted when accounts connected to it were compromised. Blockchain detective ZachXBT pointed out that Justin Kan’s account was also hacked, issuing a warning about purchasing the fake meme coin.
Continued Security Challenges for Social Platforms
Other victims of the scam included Rainbow co-founder Mike Demarais, Asymmetric Finance’s Joe McCann, and digital artist Bryan Brinkman. Brinkman apologized for any misleading posts and underscored the persistent security risks online, even for those employing robust measures such as two-factor authentication and Yubikey. He offered assistance to anyone who may have been defrauded by the scam.
The incident underscores the ongoing battle against illicit activities within the digital space. The platform, referred to as X in the report, remains a target for scams and hacking, with even the SEC’s official account falling prey to a security breach just a day before a significant regulatory decision regarding Bitcoin ETF funds.
