Canadian music superstar Drake’s X account was hacked over the weekend, with the perpetrators using his platform to promote a fraudulent Solana-based meme coin. Meanwhile, a hardware wallet user reported the devastating loss of $2.5 million in Bitcoin and NFTs due to a phishing scam dating back several years.
Canadian music icon Drake became the latest high-profile victim of a social media hack when his X account was compromised on Saturday night. The hacker used the account to promote a fraudulent Solana-based meme coin dubbed “$ANITA,” a token reportedly inspired by Drake’s cartoon “alter ego,” Anita Max Wynn.
Drake, born Aubrey Drake Graham, has long been known for his love of gambling, a theme reflected in his cartoon persona, Anita Max Wynn. The name, a playful nod to the phrase “I need a max win,” resonates with the gambling community and fits seamlessly with Drake’s partnership with Stake, a popular crypto betting platform. Exploiting this association, the hackers reposted and quoted a now-deleted X account to promote the coin as an official collaboration between Drake and Stake.
The fraudulent “$ANITA” token also capitalized on Drake’s current “Anita Max Wynn” tour, which marks his return to Australia and New Zealand after a seven-year hiatus. By tying the token to Drake’s brand and tour, the hackers created a veneer of credibility, enticing unsuspecting fans and crypto traders to buy into the scam.
The promotion to Drake’s 39 million followers resulted in a swift surge in activity around “$ANITA.” According to DexScreener data, the meme coin saw an astonishing $5 million in trading volume before traders began to realize the project was fraudulent. The price of the token collapsed as the scam unraveled, leaving many buyers at a loss.
The posts were later removed from Drake’s account, and neither Drake nor his representatives have issued a public statement about the incident at the time of writing.
Drake’s hacked account is part of a troubling trend of social media exploits targeting influential figures and organizations to push fraudulent crypto schemes. Just a week earlier, the Cardano Foundation’s X account was similarly hacked and used to promote a meme coin scam. However, that scam managed to generate only a fraction of the trading volume—just 10% of the “$ANITA” coin’s total.
Other recent victims include chart-topping musicians Cardi B and Doja Cat, as well as legendary rock band Metallica. These incidents have exposed the vulnerabilities in X’s security protocols and raised concerns about the platform’s ability to safeguard accounts with massive followings.
The hack sheds some light on the risks of unregulated and hype-driven cryptocurrency projects, particularly meme coins, which often lack intrinsic value and are fueled by speculative trading. It also demonstrates the ease with which bad actors can exploit the trust and influence of celebrities to deceive the public.
For Drake, the incident may prompt a reassessment of security measures for his social media accounts. For X, the platform faces mounting pressure to bolster its defenses and provide enhanced security tools for high-profile accounts.
Crypto Community’s Reaction
The crypto community and Drake’s fans have expressed mixed emotions about the incident. Some traders voiced frustration over losing money to the fraudulent token, while others saw it as a cautionary tale about the risks of investing in projects promoted through unofficial or suspicious channels.
As celebrity-endorsed scams become more prevalent, this latest incident with Drake’s X account reiterates the urgent need for better education around cryptocurrency scams and stronger security measures on social media platforms. While the fraudulent “$ANITA” meme coin may have been short-lived, its impact will serve as a warning to both fans and the broader crypto community about the dangers of blindly trusting promotional posts—even from trusted public figures.
Crypto Investor Loses $2.5 Million in Phishing Scam, Highlighting Ongoing Security Risks
In other security news, the cryptocurrency community was dealt another stark reminder of the risks lurking in the digital asset space as a hardware wallet user, identified as “Anchor Drops” on X, reported losing $2.5 million in Bitcoin (BTC) and non-fungible tokens (NFTs) due to a phishing attack.
On Dec. 13, Anchor Drops revealed on X that their Ledger Nano S hardware wallet had been compromised, resulting in the loss of 10 BTC, worth approximately $1 million at current market prices, alongside $1.5 million worth of NFTs.
The incident was traced back to a phishing attack that reportedly occurred years ago but only recently came to light. Blockchain security analysts and Ledger, the wallet’s manufacturer, have since analyzed the breach and confirmed its connection to a malicious transaction from February 2022.
Ledger, a leading manufacturer of hardware wallets, pointed to a phishing transaction tagged “Fake_Phishing5443” on Etherscan as the likely source of the hack. According to blockchain analyst KDean, Anchor Drops unknowingly signed a phishing transaction nearly three years ago, granting token approval to a malicious actor.
The phishing transaction allowed the attacker to quietly monitor the wallet for years before eventually draining it. This “dormant hack” strategy has become increasingly common among cybercriminals, allowing them to avoid detection until the right moment to strike.
Hakan Unal, a senior scientist at blockchain security platform Cyvers, explained, “Blockchain evidence shows they signed a phishing transaction nearly three years ago, unknowingly granting approval to a malicious actor. The hacker remained dormant for years before eventually draining the wallet.”
Unal emphasized that the incident had no connection to Ledger’s hardware or software, adding that users should regularly review token approvals to safeguard their assets.
While the NFT theft was tied to Ethereum transactions, the method used to drain the victim’s Bitcoin holdings remains unclear.
Tony Ke, lead security researcher at blockchain firm Fuzzland, noted, “For the NFT, KDean’s comment can explain everything. But I don’t understand how the BTC is stolen.”
Experts suggest that if the phishing attack also compromised the user’s recovery phrase, it could have granted the attacker access to the wallet across all supported blockchains, including Bitcoin.
“If the phishing attempt also captured the user’s recovery phrase, the attacker could gain access to the wallet across all supported chains,” Unal explained. Ledger echoed this assessment, indicating that user error might have played a role in the Bitcoin loss as well.
The incident highlights several important lessons for crypto users:
-
Understand Token Approvals: Phishing scams often exploit token approvals, granting malicious actors access to wallet funds. Regularly reviewing and revoking unnecessary approvals can help prevent such attacks.
-
Secure Recovery Phrases: A compromised recovery phrase is akin to handing over the keys to a safe. Users should store their recovery phrases offline and away from potential phishing attempts.
-
Be Cautious with On-Chain Interactions: Signing transactions without fully understanding their implications can have catastrophic consequences. As Ledger and other security experts stress, using a hardware wallet is only part of the equation; users must remain vigilant and informed about every interaction.
An Ongoing Problem in Crypto Security
The phishing attack on Anchor Drops adds to a growing list of high-profile crypto scams, with criminals becoming increasingly sophisticated in targeting unsuspecting users.
According to blockchain security firms, phishing remains one of the most effective tools for attackers, particularly in the crypto space, where transactions are irreversible, and assets are self-custodied.
As decentralized finance (DeFi) and NFTs gain mainstream traction, the stakes for protecting digital assets have never been higher. While hardware wallets like Ledger are designed to provide enhanced security, incidents like this reveal that user education and awareness are just as crucial as the technology itself.
In light of the incident, Ledger has reiterated its commitment to user education and security. The company encourages users to adopt best practices, such as:
-
Regularly reviewing token approvals and revoking unnecessary ones.
-
Storing recovery phrases securely and offline.
-
Verifying all on-chain interactions before signing transactions.
“While using hardware wallets is crucial in terms of security enhancement, it’s equally important to understand every interaction with the wallet and make informed decisions,” said Fuzzland’s Ke.
The $2.5 million loss suffered by Anchor Drops serves as a harsh reminder of the risks inherent in the cryptocurrency market. Despite the sophistication of hardware wallets like Ledger, no solution is foolproof without user vigilance. As the crypto space continues to evolve, staying informed and cautious will be key to avoiding similar tragedies.
For the broader crypto community, this incident underscores the importance of cybersecurity practices and regular audits of on-chain permissions, particularly during periods of heightened market activity.