Watcher.Guru Reports X Account Breach Amid Social Engineering Suspicions

Hackers Block Ripple Execs After Compromising Watcher.Guru’s X Account

Watcher.Guru, a crypto and finance news platform with 2.9 million followers on X, revealed that its account was hacked, leading to an unauthorized post about Ripple and XRP. The breach, which occurred on March 21, has raised concerns about social engineering and platform security.

On March 5, Watcher.Guru received a suspicious Telegram message containing an official X link with an unusual format. The link, which included a specific path and token query string, was sent by an unknown user. Although the link appeared legitimate, Watcher.Guru reported it to X’s head of cybersecurity, @cstanley, but received no response.

The hack was confirmed on March 21 at 2:05 AM UTC when an unauthorized post appeared on Watcher.Guru’s X account. The post claimed that SWIFT was nearing an agreement with Ripple to use XRP for cross-border payments, with billions of dollars in XRP secured in escrow. The post was quickly deleted, and Watcher.Guru logged out all devices and reset the password.

The unauthorized post was automatically reposted to Watcher.Guru’s other social media platforms, including Telegram, Facebook, and Discord, due to an automated bot that shares “JUST IN” or “BREAKING” posts. Watcher.Guru confirmed that two-factor authentication (2FA) was enabled, no connected apps were used, and no API tokens were compromised.

The exact method of the hack remains unclear, but Watcher.Guru noted similarities to a recent hack of @tier10k. The attackers also blocked Ripple’s official account and CEO Brad Garlinghouse, presumably to delay any response to the false post.

Watcher.Guru has since secured its account and is working with X to investigate the breach. The incident highlights the ongoing risks of social media security vulnerabilities, even for accounts with robust protective measures.