Hackers Hijack Scroll Co-Founder’s X Account in Sophisticated Phishing Scam

A chilling breach has rocked the crypto world as hackers seized control of the X (formerly Twitter) account of Ye Chen, co-founder of Scroll, a leading Ethereum layer-2 scaling project. In a calculated phishing scheme, these cybercriminals impersonated X staff, weaving a web of deception with fake copyright violation notices and malicious links to ensnare unsuspecting users.

• High-Profile Hack: Ye Chen’s X account was compromised to spread phishing scams under the guise of X staff warnings.
• Industry-Wide Threat: Similar attacks have targeted BNB Chain, Binance executives, ZKsync, and more.
• Staggering Losses: Chainalysis reports over $3.4 billion stolen in crypto scams during 2025, led by North Korean hackers.

The Ye Chen Hack: A Masterclass in Deception

The audacity of this attack is nothing short of jaw-dropping. Hackers didn’t merely gain access to Ye Chen’s account—they transformed it into a convincing doppelgänger of X’s official presence. They redesigned his profile to mirror X’s branding, reposted content from verified X accounts to fake legitimacy, and sent direct messages with urgent warnings about supposed copyright infringements. Users were given a tight 48-hour deadline to “resolve” the issue by clicking a link, a classic phishing tactic designed to harvest credentials or, worse, drain crypto wallets. For those new to the space, phishing is a form of social engineering where attackers trick individuals into revealing sensitive info by posing as trustworthy entities—think digital wolves in X’s clothing. For more details on this specific incident, check out the report on hackers impersonating X staff through a compromised Scroll founder account.

Scroll, for the uninitiated, is a layer-2 scaling solution for Ethereum that uses Zero-Knowledge Rollups to bundle thousands of transactions into a single proof, slashing fees and speeding up processing on the Ethereum blockchain. Ye Chen, as a co-founder, is a prominent figure whose network spans developers, investors, and enthusiasts—a perfect target for hackers looking to exploit trust. Blockchain security researcher Wu Blockchain raised the alarm on this breach, warning the community of the heightened risk due to Chen’s influence. Imagine receiving a desperate message from a respected leader like Chen; one wrong click, and your hard-earned Bitcoin or Ethereum could vanish into the ether, with no way to claw it back due to the irreversible nature of blockchain transactions.

A Growing Epidemic: Crypto Leaders Under Siege

But let’s not kid ourselves—this isn’t a one-off. The crypto industry is under relentless siege by social engineering scams targeting its most visible figures. Last October, BNB Chain’s official X account was hijacked to push fake reward programs, baiting users with phishing links. Binance co-founder CZ had to jump in, publicly warning followers to ignore the suspicious posts. Fast forward to December, and Binance co-CEO Yi He’s WeChat account was breached, used to hype a meme coin called MUBARA in a blatant pump-and-dump scam that pocketed attackers $55,000 before the ruse was exposed.

Earlier in May, ZKsync and Matter Labs—both key players in Ethereum scaling—had their X accounts compromised through what their teams called “delegated accounts,” a setup with limited posting rights often used for team collaboration. Hackers exploited this to spread false claims of SEC investigations and dangle fake airdrops, causing a 5% nosedive in ZK token price as panic set in. Even crypto news outlet Watcher.Guru wasn’t safe; its account was hacked in March to broadcast fabricated stories of a Ripple-SWIFT partnership, a lie that spread across platforms before being debunked. These aren’t random pranks—they’re surgical strikes exploiting the trust we place in industry voices, and the fallout erodes confidence in a space already fighting for mainstream legitimacy.

The Staggering Cost of Crypto Crime

The financial toll of these scams is enough to make your stomach churn. Chainalysis’s 2026 Crypto Crime Report lays it bare: over $3.4 billion was stolen through crypto-related hacks and fraud in 2025 alone. A whopping $2.02 billion of that—about 76% of service compromises—was traced to North Korean state-backed hackers, who’ve now racked up a cumulative $6.75 billion since they started targeting the space. These aren’t basement-dwelling amateurs; they’re organized, often state-sponsored groups funneling crypto to fund regime activities, exploiting the pseudonymity of blockchain for their gain.

Personal wallet compromises are exploding as well. In 2025, 158,000 incidents impacted 80,000 unique victims—a threefold surge from 54,000 cases in 2022. Specific tactics like address poisoning, where attackers create wallet addresses nearly identical to legitimate ones to trick users into sending funds, led to a single $50 million loss in December. Think of it as a scammer giving you a fake bank account number that’s off by one digit—you don’t notice until your money’s gone. Private key leaks, another favored method, siphoned $27.3 million from multi-signature wallets, which are like digital safes requiring multiple keys to unlock. Each stat isn’t just a number; it represents real people—potentially hundreds per incident—losing savings or investments with no recourse.

Beyond X: Threats on Every Front

The danger isn’t confined to social media either. Ubuntu developer Alan Pope recently flagged a sinister trend of attackers hijacking Snap Store accounts via expired domains, distributing wallet-stealing malware through what appear to be trusted software updates. The Better Business Bureau has also warned of phishing campaigns targeting X users with fake crypto promotions. Consider Kentucky journalist Jennie Rees, whose account was compromised after clicking a malicious link, then used to post ludicrous claims of massive crypto earnings. It’s a brutal reminder that no one—developers, journalists, or even top executives—is immune to these digital predators.

Let’s not sugarcoat it: the crypto space is a goldmine for criminals, and their tools are only getting sharper. X’s security protocols look laughably porous when a co-founder’s account can be turned into a scam megaphone this easily. Is centralized social media inherently at odds with the decentralized ethos of crypto? Perhaps. But while platforms like X must step up, the hard truth is that freedom in this space comes with the heavy burden of personal responsibility. Bitcoin remains the gold standard of financial sovereignty—a store of value with fewer attack vectors than complex smart contract platforms. Yet, as a begrudging maximalist, I’ll concede that ecosystems like Ethereum, and layer-2s like Scroll and ZKsync, drive innovation in ways Bitcoin can’t and shouldn’t. Still, every leap toward mass adoption opens new doors for crooks, and we’re naive if we think otherwise.

Protecting the Revolution: What We Can Do

So, how do we fight back without surrendering the principles of decentralization? First, let’s get practical. Never click unsolicited links, no matter how urgent the message or how legit the sender seems—double-check profiles for subtle discrepancies like odd usernames or missing verification ticks. Lock down your accounts with robust two-factor authentication (2FA), ideally using hardware-based options like YubiKeys rather than SMS, which can be intercepted. Hardware wallets, such as Ledger or Trezor, keep your private keys offline, away from prying eyes. Monitor for unauthorized access—did you delegate posting rights to a third-party tool or team member? Revoke them if you’re unsure.

Community vigilance is our superpower. Blockchain researchers like Wu Blockchain are the unsung heroes flagging these scams—follow them, heed their warnings, and spread the word. There are also emerging tools, like decentralized identity protocols, that could one day tie social media accounts to verifiable blockchain signatures, making impersonation harder. Until then, education is key. Newcomers need to grasp the stakes: one slip-up, and your funds are gone—no chargebacks, no safety net. Veterans must lead by example, sharing best practices and calling out platforms like X for dragging their feet on security overhauls.

Let’s zoom out for a moment. Bitcoin and blockchain tech are still our best shot at upending a rigged financial system, cutting out middlemen, and empowering individuals. But acceleration must be effective—call it e/acc if you like. Push hard for adoption and innovation, but don’t skimp on the seatbelt. Scroll, as a project, could set a precedent post-hack by championing security initiatives or funding community education on phishing prevention. The crypto space has always been about resilience; every exploit is a lesson, every setback a chance to rebuild stronger. Compare this to early disasters like Mt. Gox, where millions in Bitcoin were lost to crude hacks. We’ve come far, but the enemy has evolved too. Hackers won’t slow us down if we refuse to let them—freedom demands vigilance, and that’s a price worth paying.

Key Takeaways: Understanding the Ye Chen Hack and Crypto Threats

• What happened in the Ye Chen X account hack?

  Hackers seized control of Scroll co-founder Ye Chen’s account, mimicked X staff branding, reposted verified content for credibility, and sent phishing links via direct messages to steal user data and funds.

• Why are crypto leaders like Ye Chen frequent targets for phishing scams?

  Their prominence and vast networks make their accounts potent tools for spreading malicious links, leveraging trust to deceive followers into scams.

• How common are social engineering attacks in the crypto industry?

  They’re alarmingly frequent, with breaches hitting BNB Chain, Binance’s Yi He, ZKsync, and Watcher.Guru, revealing a trend of attackers exploiting trusted figures for fraud.

• What’s the financial damage from recent crypto theft?

  Chainalysis reports over $3.4 billion stolen in 2025, with North Korean hackers taking $2.02 billion, adding to a historic total of $6.75 billion in pilfered crypto.

• Do crypto scams only occur on platforms like X?

  No, threats extend to WeChat, Snap Store accounts through expired domains, and direct wallet attacks via address poisoning and private key leaks, targeting personal and multi-signature wallets.

• How can crypto users safeguard against phishing and hacks?

  Be skeptical of unsolicited messages, avoid unknown links, use strong two-factor authentication, secure funds in hardware wallets, monitor account activity, and follow alerts from trusted blockchain researchers.