Automation app IFTTT is responsible for the recent ‘$Packy’ token scam on X.
A third-party auto-posting service – known as IFTTT (If This Is This) – was blamed for the flood of fraudulent posts on X, which encouraged victims to send Solan's SOL (SOL) to a wallet address for memes. token “PACKY”
On March 21, X accounts were hacked by scammers promoting fake tokens on their accounts, such as a16z consultant Packy McCormick, Coinbase product director Scott Shapiro, Twitch co-founder Justin Kahn, and other crypto influencers.
McCormick said, “This is not me. Account has been hacked. Working to fix it. Don't click any links from me or (obviously) send money to random addresses.
This follows Solana's wallet address following a malicious post on the account that read, “I created my own memecoin PACKY with big trading plans and CEX details.”
Soon after, McCormick said: “It looks like the hacker got in through IFTTT (If This Then That), which I gave Twitter a decade ago,” before adding that it should now be fixed and urging X users to delete connected apps.
Launched in 2011, IFTTT is a web-based service that allows users to create automated workflows between various Internet-based applications and services.
Blockchain sleuth ZachXBT came to the same conclusion, after sharing the same issue with X's account from Khan, who later confirmed, “Looks like I've been hacked, don't buy any shitcoins pls.”
Shapiro was hacked with a malicious message claiming to have teamed up with Coinbase CEO Brian Armstrong to launch the PACKY token.
Shapiro cautions against linking older third-party apps:
Is there anything more Web 2.0 than this list of connected apps? It's scary how many decades-old authentication tokens there are among these cemeteries. **Delete all**”
Related: Fraudsters Steal Nearly $1M After Hacking 8+ Popular Crypto Twitter Accounts
The hacker hacked the X accounts of Web3 browser app Rainbow Mike Demarais, co-founder of Asymmetric Finance Joe McCann and digital pop artist Brian Brinkman.
Brinkmann has apologized for the fraudulent texts that confirmed the breach of his IFTTT account, which linked his X as a connected app.
“If you sent money to that scam address, please contact me, and I'll find a way to fix it. The lesson I learned here was with 2FA and Ubiquity, there are always vulnerabilities, be careful,” he added.
Cointelegraph reached out to IFTTT for comment and did not receive an immediate response.
X was a hotbed of illegal activities, fraud and extortion. Even the official account of the United States Securities and Exchange Commission was hacked a day before the regulator approved the position of Bitcoin ETFs in January.
Magazine: Why Boomers Love Facebook AI Pictures, Mind-Reading AI Discovery: AI Eye