X account tied to rapper Nelly compromised, used for crypto phishing scam
Quick Take
- An X (formerly Twitter) account associated with American rapper Nelly was compromised.
- The hacker used the account to lure people to a crypto phishing site.
An X (formerly Twitter) account associated with American rapper Nelly was compromised, with the hacker using the profile for social engineering attacks and lure people to a crypto phishing site, on-chain investigator ZachXBT noted.
The attacker also altered Nelly’s profile to pose as a security analyst for Scam Sniffer — a web-based security solution. “On-chain security analyst. Helping you catch scammers @realscamsniffer,” the bio read. However, the profile seems to have been deleted or otherwise removed, and now says the account doesn’t exist.
Cornell Iral Haynes Jr., better known by his stage name Nelly, has released eight studio albums throughout his career, winning multiple accolades including three Grammy Awards and nine Billboard Music Awards.
Nelly’s profile before being taken down. Image: ZachXBT
Furthermore, ZachXBT cited two messages sent by the scammer to people, trying to claim that they were investigating wallet approval compromises on recipients’ addresses. This was also in an attempt to steal funds by getting users to sign malicious transactions.
“@NellioETH is compromised and pretending to be a member of ScamSniffer. They are trying to message people in an attempt to social engineer them into using a phishing site,” Scam Sniffer stated on X, confirming ZachXBT’s report. “Please always make sure you are visiting scamsniffer.io.”
"Nelly's account was hacked and falsely rebranded to appear affiliated with the Scam Sniffer team (@realScamSniffer). The malicious actors are now sending direct messages to individuals, specifically targeting those with known .eth addresses, falsely warning them of a compromise," Dave Schwed, COO at blockchain security firm Halborn told The Block. "They then guide these individuals to a fake site that mimics ScamSniffer, but with a different top-level domain (TLD) name. Once users 'scan' their address on this fraudulent site, a fabricated compromise is reported. When unsuspecting users connect their wallets and attempt to 'revoke' permissions, they inadvertently grant scammers access to their tokens."
"This isn't a technologically sophisticated attack, but rather a social engineering tactic. It capitalizes on the trust inspired by Nelly's significant follower count and a deceptive website resembling a genuine one. A simple Google search for the authentic ScamSniffer site would reveal the discrepancy in top-level domains (TLD)." Schwed added.
Representatives for Nelly did not return a request for comment from The Block.
Updated with comments from the COO of Halborn.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
