IFTTT (If This Then That), a third-party auto-posting service, has been implicated in a recent scam outbreak on X involving bogus posts that prompted users to invest in a fake meme token named “PACKY” by sending Solana’s SOL to a particular wallet address.
The scam notably affected the X profiles of notable figures in the crypto and tech industries, including a16z adviser Packy McCormick, Coinbase product director Scott Shapiro, and Twitch co-founder Justin Kan, all of whom found their accounts hijacked to promote the fraudulent token.
Packy McCormick was among the first to alert his followers, stating, “This is not me.
“Account hacked. Working to get it fixed. Don’t click any links from me or (obviously) send money to a random address.”
His account had previously posted claims about creating the PACKY memecoin with ambitious marketing strategies and plans for CEX listings, accompanied by a Solana wallet address.
McCormick later revealed the intrusion’s source was IFTTT, a service he had linked to his Twitter account years earlier, advising others to revoke permissions to such apps to prevent similar incidents.
Blockchain investigator ZachXBT and other affected individuals, including Justin Kan, echoed this analysis, highlighting the security risks posed by outdated third-party app connections.
Scott Shapiro’s compromised account also spread misinformation about a collaboration with Coinbase’s CEO to launch the PACKY token, leading him to comment on the danger of having old, connected third-party applications and stressed the importance of revoking their access.
The incident further extended to others in the digital space, including Rainbow co-founder Mike Demarais, Asymmetric Finance’s Joe McCann, and digital artist Bryan Brinkman, all victims of the scam through their IFTTT-linked X accounts.
Brinkman issued an apology and offered to assist those who fell for the scam, underscoring the lesson that even with robust security measures like 2FA and Yubikey, vulnerabilities can still be exploited.
As this wave of scams shakes the X platform, highlighting ongoing concerns over cybersecurity in the social media domain, IFTTT’s role in this specific series of hacks remains a critical point of contention, with the company yet to respond to inquiries regarding the incident.
The prevalence of scams and hacking on X, as exemplified by this event and even a breach of the SEC’s official account, underscores the persistent challenge of ensuring digital security amidst the platform’s vast landscape of users and applications.
To submit a crypto press release (PR), send an email to sales@cryptointelligence.co.uk.
