
Cybercriminals Exploit X Ad Feature to Launch Sophisticated Crypto Scam


May 14, 2025

Cybersecurity analysts have uncovered a dangerous new scam that exploits the advertising URL display system of X (formerly Twitter) to mislead users into falling for fake cryptocurrency promotions.


Threat researchers at Silent Push revealed that attackers manipulated X’s ad URL preview functionality to display trusted domains – like CNN.com – even though the actual link led victims to scam websites impersonating Apple and promoting a fake "Apple iToken" crypto presale.

How the Attack Works


This scheme abuses how X generates its link preview cards. When a URL is posted in an ad, X's bot fetches metadata using a static User Agent string. Attackers configure their web servers to recognize that user agent and redirect the bot to a legitimate site (like cnn[.]com), creating a clean preview. But when regular users click, they’re silently redirected to scam domains like ipresale[.]world.


In some cases, attackers use link shorteners such as bit[.]ly, which initially point to a reputable site for preview generation, only to switch to malicious pages once the ad is live.


These phishing links often pass through several redirects (including t[.]co) before landing on professionally designed scam sites. Victims are shown fake endorsements from Apple CEO Tim Cook and encouraged to deposit funds into one of 22 crypto wallets across Bitcoin, Ethereum, and Solana networks.
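A defender-side check for the User-Agent-dependent redirect described above, added here as an example and not taken from Silent Push or the original article: it walks the redirect chain once as the preview crawler and once as a browser, then compares the final hosts. The `Twitterbot/1.0` crawler string, the browser string, the function names and the `.example` hosts are assumptions or constructed values.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Assumed User-Agent strings: the page does not quote the crawler's exact value.
PROFILES = {
    "preview_bot": "Twitterbot/1.0",
    "browser": "Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0",
}

class NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; the 3xx then surfaces as HTTPError

def http_hop(url, user_agent, timeout=10):
    """Send one GET without following redirects; return (status, Location or None)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.build_opener(NoFollow).open(req, timeout=timeout) as resp:
            return resp.status, None
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def redirect_chain(url, user_agent, hop=http_hop, max_hops=10):
    """Follow HTTP redirects by hand and return every URL visited, in order."""
    chain = [url]
    for _ in range(max_hops):
        status, location = hop(chain[-1], user_agent)
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        chain.append(urljoin(chain[-1], location))
    return chain

def check_cloaking(url, hop=http_hop):
    """Flag a URL whose final host depends on the User-Agent that requested it."""
    chains = {name: redirect_chain(url, ua, hop) for name, ua in PROFILES.items()}
    finals = {name: urlsplit(c[-1]).hostname for name, c in chains.items()}
    return {"cloaked": len(set(finals.values())) > 1, "final_hosts": finals, "chains": chains}

def sample_hop(url, user_agent):
    """Constructed offline responses (reserved .example hosts) standing in for http_hop."""
    if url == "https://short.example/a":
        bot = user_agent == PROFILES["preview_bot"]
        return 302, "https://news.example/story" if bot else "https://hop.example/r"
    return (302, "/landing") if url == "https://hop.example/r" else (200, None)

if __name__ == "__main__":
    print(check_cloaking("https://short.example/a", hop=sample_hop))
```

The check only sees HTTP-level redirects, so JavaScript or meta-refresh hops need a headless browser, and a mismatch is a lead for review rather than proof. Because a shortener target can be swapped after the preview is generated, the comparison is worth repeating once the ad is live.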

Expanding Operation with Global Footprint


Further investigation uncovered nearly 90 related domains active since 2024. The attackers used consistent infrastructure – shared files, icons, IP addresses (e.g., 51.15.17[.]214), and name servers (ns1.chsw.host) – to run the scam network.


The campaign’s second wave launched via new X ads on May 5, 2025, redirecting users through chopinkos[.]digital to itokensale[.]live, featuring nearly identical scam content and Apple branding abuse.


Some associated domains even tied back to suspicious .ru regions, though definitive attribution to a specific group remains unconfirmed.

What This Means for Users and Platforms


This incident highlights the sophistication of modern social media ad fraud and the risks of platforms relying on client-side redirection without robust URL verification. Silent Push recommends urgent improvements to X’s ad review and metadata systems and greater user vigilance.


As ad scams grow more deceptive, users should not only think twice before clicking but also regularly clean up past content. Tools like TweetDeleter let you delete old tweets and manage your social media history – an essential step in staying safe online.

Source: gbhackers.com
