
A hacker gained access to the X account of Google subsidiary Mandiant to use it for a crypto scam. Mandiant has since regained control of the X account.

After gaining access, the hacker gave the Mandiant account the name @phantomsolw, and then posted a message on the social media platform promoting a fake website. The site featured the crypto wallet Phantom: according to the fake message, users would receive free $PHNTM tokens through an airdrop.

While the scam was still visible, BleepingComputer looked at what happened to several victims. If an X user clicked “Claim Airdrop” and the Phantom wallet was not installed, they were redirected to a legitimate website to install the Phantom wallet. Once the wallet was installed, the scam automatically attempted to steal cryptocurrency from it.

Phantom Wallet also warns that the scammer’s website is part of a phishing attack. “Phantom believes this website is malicious and unsafe to use. We have disabled the ability to interact with it in order to protect you and your funds.”

Issues

In addition to the Phantom scam, the hacker posted other messages using Mandiant’s X account. For example, he posted, “Sorry, change password please.” and “Check out our latest announcement in the replies under this tweet.”

Mandiant has since confirmed that it has regained control of its X account. The name has also been changed back from @phantomsolw to @Mandiant. Getting the account back did take some time. For example, there was a time when visiting the Mandiant profile reported that the account did not exist. Also, the name @phantomsolw was held for a while, possibly because X has restrictions around changing a name quickly.
