How fake X links work

Hackers often hijack trusted accounts or create fake ones to post phishing links that look legitimate.

If you use X regularly, you’ve probably seen a giveaway post or a “limited-time airdrop” link that seems to come from a trusted source. This is exactly what scammers rely on. They either break into verified accounts or impersonate big names in crypto. Then they publish posts urging you to click a link and connect your wallet.

On May 29, an X user alerted the community about a fake $SONIC airdrop announcement circulating on the platform, urging others not to click on any related links and to stay vigilant against phishing attempts.

Fake airdrop announcement link on X

What happens next depends on the scam. Some links lead to fake wallet login pages designed to steal your credentials. Others prompt you to approve a smart contract, which gives the attacker access to your funds. These scams are getting more polished, often mimicking real websites with convincing designs and near-identical URLs.

@zksync X account got compromised in May 2025

Why crypto is a prime target

Crypto transactions are fast, irreversible and often anonymous, making them ideal for scammers. Once a transaction is confirmed on the blockchain, there’s no getting it back. That makes crypto especially attractive to hackers. Many users also store their funds in hot wallets connected to browsers or apps, which are more vulnerable to phishing attempts.

$LOUD token scam

Add to that the growing popularity of NFTs and DeFi projects and there is more possibility for attacks. Approving the wrong contract, even once, can be all it takes to lose everything in your wallet.

Did you know? In March 2025, the official X accounts of both the NBA and NASCAR were hacked, sending fake messages to millions of their followers. These messages falsely announced the launch of their own cryptocurrencies, $NBA coin and $NASCAR coin.

Real-world examples of crypto scams via fake X links

These aren’t hypothetical. Hackers have already pulled off some high-profile attacks using fake X links.

1. WIRED journalist’s X account hijacked (May 2025)

In May 2025, a WIRED journalist disclosed that his X account was compromised and used to promote a fraudulent WIRED cryptocurrency via memecoin launchpad Pump.fun. The attackers created the coin and initiated a pump-and-dump scheme, manipulating the price with deceptive promotions before quickly selling off their holdings. 

Joel Khalili on his X account being hacked

As a result, many investors lost money and the journalist became the target of harassment, including racist and threatening messages, especially from an anonymous Telegram user who demanded a refund of $2,800. 

Analysis from Chainalysis and Hudson Intelligence revealed that the attackers controlled about 12% of the coin and made an estimated $8,000–$10,000 in under 20 minutes. The funds were laundered through various crypto wallets and eventually deposited into Binance, where the trail ended. The journalist had failed to secure their account with two-factor authentication, which facilitated the hack. Despite the risks and frequent scams, trading in memecoins continues to be popular, underscoring the ongoing vulnerabilities in social media and cryptocurrency platforms.

2. Pump.fun X account compromised (February 2025)

In February 2025, the official X account of Pump.fun, a Solana-based memecoin generator, was hijacked to promote a fraudulent governance token called “PUMP.” Shortly after the initial scam post, the hackers escalated their efforts by promoting another fake token, “GPT-4.5,” while threatening to delete the Pump.fun X account if the token reached a $100 million market cap, further adding to the chaos and confusion among users. 

Pump.fun quickly acknowledged the breach on its Telegram channel, urging users not to engage with the compromised X account. This incident highlights how even platforms dedicated to memecoins can become targets for sophisticated scams.

3. Lara and Tiffany Trump’s X accounts breached (September 2024)

In September 2024, hackers breached the X accounts of Lara and Tiffany Trump, posting fraudulent content promoting a family cryptocurrency venture, World Liberty Financial. Eric Trump declared the posts a scam, confirming the compromise on X and the swift deletion of the fake posts. 

The incident was notable given President Donald Trump’s relationship with Elon Musk, who owns X. The family had been promoting World Liberty Financial, which had yet to launch and had already been targeted by scams. An official World Liberty Financial account warned users to avoid any links or token purchases from the compromised profiles.

These examples underscore the importance of vigilance when encountering cryptocurrency promotions on social media platforms.

How to spot a fake X link

Fake links often look real, but a closer look usually reveals red flags. Being aware of the small details can help you avoid costly mistakes.

If you’re scrolling through X and come across a post promoting a new token, an exclusive airdrop or a link to “connect your wallet,” take a moment before clicking. These kinds of posts are common tools in phishing scams, and spotting them often comes down to examining the link and the context closely.

Here are a few things you can look for:

1. Check the URL carefully

Before you click, hover over the link (if you’re on desktop) or tap and hold to preview it on mobile. Look for small changes like:

  • Misspelled words (for example, Binancee.com instead of Binance.com)
  • Strange characters or extra symbols
  • Unfamiliar domain endings like .click, .lol, or .xyz

If something feels off, it probably is.

2. Watch for urgent or emotional language

Scam posts often try to pressure you. You might see phrases like:

  • “Only 30 minutes left!”
  • “Claim your free tokens now!”
  • “Exclusive to early supporters!”

This urgency is designed to get you to act before you think. Real companies don’t rush you into financial decisions.

3. Look at the account behind the post

Even if the post looks professional, take a moment to inspect the account:

  • Is the username slightly different from an authentic brand or influencer?
  • Does the account have a verified badge, or is it paid for?
  • Are the past posts consistent and legitimate, or does the account suddenly start posting about crypto?

Scammers often use newly created or recently hacked accounts to spread malicious links. For instance, in December 2024, Scam Sniffer notified users of a sharp rise in fake crypto accounts on X, warning that over 300 impersonator profiles appeared daily, nearly double the November average.

4. Notice engagement patterns

Are the replies filled with suspicious comments, fake praise, or bot activity? Scammers sometimes flood the comments with bots saying, “This worked!” or “Thanks, I just got my airdrop!” These are meant to build false trust.

5. Double-check before you connect

If a link takes you to a wallet connection page, double-check the website address. Fake wallet popups are one of the most effective tricks used to steal your crypto. Always make sure you’re on the official site, not a lookalike.

Did you know? A single victim lost $2.6 million in stablecoins after falling for two zero-value transfer phishing scams within just three hours, highlighting the growing threat of address poisoning in crypto.

How to protect yourself on X

X is a powerful platform for staying informed about crypto, but it’s also a favorite target for scammers. Knowing how to protect your account and your assets can save you from serious losses.

You don’t need to avoid X entirely to stay safe. But if you’re active in crypto circles, you should treat the platform with the same caution you would observe in a crowded marketplace. 

  • Be cautious: Scammers often use urgency and fake credibility to trick you into clicking malicious links or connecting your wallet.
  • Check URLs: Always hover over links to preview them. Watch for subtle misspellings or suspicious domain endings like .xyz, .click or .site.
  • Verify accounts: Even verified profiles can be hacked. Look at post history, engagement quality and account behavior before trusting promotions.
  • Use 2FA: Enable two-factor authentication with an app like Google Authenticator or Authy to add a second layer of protection.
  • Avoid DMs: Treat unsolicited messages promoting crypto projects or asking you to click links as suspicious, especially if they ask for wallet access.
  • Separate your wallets: Use one wallet for active interactions (airdrops, mints, trading) and another for long-term storage to limit exposure.
  • Report and mute: Help reduce scam visibility by reporting fake accounts and muting anything suspicious in your feed.
  • Stay informed: Follow credible sources for updates on new phishing tactics, wallet drainers and trending scam formats.

Remember, a little caution goes a long way in keeping your assets and identity protected in a space where trust is often the first thing targeted.