Quick Facts:
- Hackers compromised the X account of former Malaysian Prime Minister Mahathir Mohamad, promoting a fraudulent cryptocurrency named ‘MALAYSIA.’
- The scam resulted in a $1.7 million loss for investors within minutes, following a rapid increase in the token’s market capitalization and a subsequent ‘rug pull.’
- This incident reflects a broader trend of cybercriminals hijacking social media accounts of political figures to lend legitimacy to fraudulent crypto schemes.
- The cryptocurrency sector is experiencing a surge in various forms of fraud, including phishing attacks and fake token promotions.
In a brazen cyberattack, hackers commandeered the X (formerly Twitter) account of former Malaysian Prime Minister Mahathir Mohamad to promote a fraudulent cryptocurrency, resulting in the theft of $1.7 million from unsuspecting investors.
The cybercriminals utilized Mahathir’s compromised account to announce the launch of a supposed official national cryptocurrency named ‘MALAYSIA,’ allegedly built on the Solana blockchain. The post falsely portrayed the token as a symbol of the nation’s prowess in the digital economy. Despite being deleted within an hour, the fraudulent message attracted significant investor interest, leading to a rapid influx of funds into the scam coin. Analysis indicates that the token’s market capitalization soared to $1.7 million in just 15 minutes before the perpetrators executed a classic ‘rug pull,’ withdrawing the funds and leaving investors with worthless tokens.
Growing Trend of Political Figure Impersonation in Crypto Scams
This incident is part of an escalating pattern where hackers exploit the social media accounts of prominent political figures to lend credibility to fraudulent cryptocurrency schemes. A similar attack occurred last month involving the former President of Brazil, with indications that the Russian cybercriminal group Evil Corp may be behind these sophisticated operations. These scams often involve the creation of fake meme coins purportedly associated with well-known personalities or governmental entities, deceiving investors into believing they are legitimate ventures.
Similarly, just last night, The official X account of Solana’s second largest Dex, Jupiter was hacked to promote a fake Memecoin created using the name of the protocol’s pseudonymous founder, Meow. The attackers marauded all through the night shilling and promoting the coin until they were ultimately kicked out of the account after stealing over $20m Million.
Broader Implications and Rising Cyber Threats in the Crypto Space
The surge in social media-based crypto scams could be linked to a broader shift in cybercriminal tactics.
According to blockchain investigator ZachXBT, Coinbase users have lost approximately $150 million to various scams. Meanwhile, Scam Sniffer data points to a staggering 2,000% increase in Telegram phishing attacks since November.
Interestingly, a 2025 Chainalysis report found that ransomware payments declined significantly in 2024, suggesting that cybercriminals may be shifting strategies. With the traditional ransomware model—where hackers encrypt and steal victim data, demanding payment to prevent leaks—becoming less lucrative due to improved cybersecurity measures and law enforcement crackdowns, many cybercriminals appear to be pivoting to new attack vectors.
The recent rise in scam coin promotions using hacked accounts of prominent individuals could be a direct response to the decline in ransomware revenue. By hijacking high-profile accounts and promoting fraudulent tokens, these bad actors are effectively turning investors into exit liquidity, executing rug pulls within minutes before vanishing with stolen funds.
