AUS
NZ
UK
CA
USA
FRA
GER
ESP
ITA
NLD
PRT
SWE
GRC
IND
POL
BRA
ZAF
RUS
CHN
UAE
Watcher Guru, a major cryptocurrency news outlet, suffered a security breach early on March 21, resulting in the spread of a false report involving Ripple’s XRP and the SWIFT payment network.
The hacker exploited the platform’s automated reposting system to push the fabricated claim across its Telegram, Facebook, and Discord accounts.
Despite two-factor authentication (2FA) being active, the attacker accessed the X account and uploaded a misleading post about a supposed deal between Ripple and SWIFT.
WARNING: Our X account has been hacked and the previous post (now deleted) was posted by a hacker. We have 2FA enabled and have taken extreme measures to avoid hacks. We are looking into this and will provide an update when we have more details. We are working to get in touch
The Watcher Guru team is in contact with X’s support team and has initiated an investigation to understand how the breach occurred.
Fake XRP-SWIFT post shared at 2:05 AM
The breach was detected at approximately 2:05 AM UTC on March 21 when an unauthorised post appeared on Watcher Guru’s verified X account.
The post claimed that SWIFT was finalising an agreement to use XRP for cross-border transactions.
The information was immediately flagged as false by the Watcher Guru team, which deleted the post and issued a follow-up message confirming that the account had been compromised.
Due to the platform’s interconnected social media system, the same false information was automatically distributed to Watcher Guru’s other platforms including its Telegram channel, Discord server, and Facebook page.
The team confirmed that all posts made by the hacker had been removed and that additional steps were being taken to secure the account.
Hack linked to suspicious X link
Watcher Guru suspects that the hack was initiated through a deceptive X link shared in its Telegram account on March 5.
The link, according to the team, appeared legitimate but included an unusual “token” query string—an element that typically does not feature in authentic X URLs.
While no direct connection has been established, the team believes the link may have been part of a targeted social engineering campaign.
The suspicious link prompted the team to contact X’s head of cyber security, but they did not receive a response.
The Watcher Guru team noted the similarity of their case with another attack on DB News, a separate crypto news platform, which also suffered a hack despite having 2FA enabled.
These incidents suggest that social engineering tactics may be evolving to bypass commonly used security layers such as 2FA.
Crypto social media hacks on the rise
This breach adds to a growing list of social media account takeovers targeting crypto influencers, brands, and platforms.
Hackers often use compromised accounts to promote scam tokens or spread false news to manipulate the markets.
In many instances, they launch meme coins just minutes before publishing misleading posts, attempting to exploit the sudden surge in user attention.
A notable case occurred in February when the Instagram account of luxury fashion brand Dior was hacked to promote a fake Solana-based meme coin.
That scam coin reached a $280,000 market capitalisation before crashing by 90% once the post was taken down.
As of now, Watcher Guru has not identified the exact method or source of the breach but has pledged to share more details once its internal investigation is complete.
The team is reviewing its cybersecurity protocols and has reiterated its commitment to preventing similar incidents in the future.
Auto-posting tools increase risks
The incident also highlights the risk of using automated reposting tools that sync content across multiple platforms.
Once a primary account is compromised, misinformation can cascade quickly, especially in a sector like crypto where market-moving headlines can trigger rapid reactions.
Watcher Guru’s use of bots to simultaneously post content from X to other platforms amplified the hacker’s message, increasing the scope of disinformation before it could be addressed.
The team confirmed that the system had been audited and secured following the breach.
The post Watcher Guru X account hacked; false XRP-SWIFT claim spreads across platforms appeared first on Invezz
