Tron DAO Recovers X Account After Hacker Solicits $45K in Crypto

A wave of social media hacks is targeting the cryptocurrency space, with the Tron DAO, Curve Finance, and even the New York Post falling victim.

Tron

On May 2, the Tron DAO’s official X account was compromised in a social engineering attack. This resulted in a hacker posting a fake contract and soliciting $45,000 from users. Despite quick action to regain control, the hacker continued posing as Tron online. Curve Finance also suffered an X account breach, with a scammer promoting a fake CRV airdrop and blocking users who tried to raise the alarm. Most recently, the verified X account of the New York Post was compromised and used to privately message crypto figures, posing as journalists to lure victims into Telegram or Zoom-based scams. 

Tron DAO X Account Hacked

A wave of social media account takeovers is once again plaguing the cryptocurrency industry, and the Tron DAO and Curve Finance became the latest victims. On May 2, the official X account of Tron DAO was compromised. The hacker reportedly solicited approximately $45,000 from unsuspecting users by posting a fake contract address and sending direct messages offering promotional opportunities in exchange for payments. 

According to Tron’s public relations team, their security team quickly regained control of the account, and it is believed that the breach stemmed from a malicious social engineering attack targeting a team member. Despite recovering access, the attacker continued trying to engage others by falsely offering paid posts from Tron DAO’s main account. 

The team is working with law enforcement to investigate the incident. Tron founder Justin Sun initially accused crypto exchange OKX of failing to freeze funds linked to the hack, though the post making that claim was later deleted after a denial by OKX CEO Star Xu.

Curve Finance also experienced a takeover of its X account. On May 5, a scammer used the account to promote a fake CRV airdrop, which prompted concern among users. Founder Michael Egorov confirmed the account was silently compromised but not the underlying client devices or systems. The Curve team, with assistance from cybersecurity firm SEAL, eventually regained access. During the attack, the hacker not only shared malicious links but also blocked users who tried to warn others about the breach.

These incidents only add to a growing list of high-profile X account hacks. In April last year, UK Member of Parliament Lucy Powell’s account was hijacked to promote a scam token, House of Commons Coin (HOC). In March, Kaito AI and its founder Yu Hu saw their accounts misused to spread false claims of compromised wallets. And in February, Pump.fun’s account was taken over to promote fraudulent tokens, including a fake governance token. 

Tron Closes in on Ethereum

Despite its recent social media account hack, Tron’s momentum is still building. In fact, the Tron network is rapidly closing the gap with Ethereum in terms of Tether (USDT) circulation after another major mint by the stablecoin issuer. 

On May 5, Tether issued $1 billion worth of USDT on Tron, which pushed the network’s total USDT supply to $71.4 billion. This places Tron just $1.4 billion behind Ethereum’s $72.8 billion in USDT, according to Tether’s Transparency report and data from Arkham Intelligence. Tron previously led Ethereum in USDT circulation between July of 2022 and November of 2024, but an $18 billion Ethereum mint reversed the standings.

Solana ranks third among USDT-supporting networks, hosting $1.9 billion, while smaller amounts circulate on Ton, Avalanche, Aptos, Near, Celo, and Cosmos. Overall, Tether’s total USDT supply reached an all-time high of $149.4 billion, up 8.6% since the beginning of the year. This growth reinforces Tether’s dominant 61% market share in the stablecoin sector, according to CoinGecko, while rival Circle holds a 25% share with $62 billion in USDC.

The broader stablecoin market has seen a sharp resurgence over the past six months and now comprises 8% of the entire crypto market capitalization. Looking ahead, the United States Treasury Department projected the stablecoin market could grow to $2 trillion by 2028 if a regulatory framework is established. 

Stablecoin market

Current state of the stablecoin market (Source: United States Treasury Department)

Two key legislative proposals—the GENIUS Act and the STABLE Act—are currently making their way through Congress. The GENIUS Act will define payment stablecoins and set reserve requirements, while the STABLE Act would regulate nonbank stablecoin issuers. The Senate is expected to vote on the GENIUS Act before May 26. 

Tether is also preparing to launch a new US-based stablecoin later this year. For now, its release is contingent on the passage of regulatory legislation.

New York Post X Account Also Compromised

In addition to Tron’s DAO account, the New York Post’s verified X account was also compromised in a sophisticated scam targeting members of the crypto community. Multiple users, including well-known people in the space, reported receiving direct messages from the account inviting them to participate in a podcast interview and urging them to continue the conversation via Telegram.

The suspicious activity was first flagged on May 3 by Alex Katz, CEO of Kerberus, who shared a screenshot of the deceptive message, allegedly sent by journalist Paul Sperry through the official New York Post account. What makes this incident so interesting is the attacker’s strategy: instead of posting publicly visible scam links, like a wallet drainer or a Pump.fun address, the bad actor focused entirely on direct communication. This more subtle approach may have been done to delay detection and exploit users' trust in the verified media outlet.

Cybersecurity engineer and NFT collector known as “Drew” shared that the attacker blocked recipients after sending the message, likely to prevent the actual New York Post team from being alerted. Donny Clutterbuck from NFT Bitcoin’s ordinals platform Fomojis also reported being contacted by the hacker. He raised concerns that the scam may involve a Zoom exploit

According to Clutterbuck, clicking to enable audio during a Zoom call prompted an unusual pop-up with an option to “enable WiFi,” which he speculated might give the attacker unauthorized network access. Blockchain analyst ZachXBT compared the method that was used in this hack to a similar compromise of The Defiant’s X account several weeks ago, where scammers also leveraged direct messages to lure crypto users.

This incident now adds to the growing concerns about the security of social media accounts and communication platforms used by high-profile organizations and people in the crypto sector. In April, Emblem Vault CEO Jake Gallen reportedly lost $100,000 in crypto during a Zoom interview in which malware was installed on his device.