Scam Network Earned Six Figures From Single Token
On-chain investigator ZachXBT has uncovered a coordinated network of more than 10 high-follower accounts on X that collaborates to promote cryptocurrency scams. The group employs AI-generated fake personas to create and spread panic-inducing content, which is then amplified across the network to facilitate pump-and-dump schemes. One specific operation on February 22, 2026, involving the token $ORAMAMA, successfully generated over $100,000 in profits for the perpetrators. This revelation erodes investor trust in influencer-driven token promotions and puts pressure on platforms like X to strengthen moderation against coordinated inauthentic activity.
Scams Escalate Across GitHub and Tron
The tactics exposed by ZachXBT are part of a broader, systemic issue of fraud within the crypto space. On GitHub, attackers are targeting OpenClaw developers with phishing campaigns promising fake $5,000 CLAW token airdrops to lure them to wallet-draining sites. This follows other social engineering attacks, such as fraudsters impersonating the Indian crypto exchange CoinDCX to swindle investors out of at least $76,000 by promising 10-12% returns. The exchange has reported over 1,212 fake websites mimicking its platform since April 2024. Further, scammers on the Tron network are deploying fake "FBI" branded tokens to threaten users with asset freezes unless they submit personal information, a campaign that has reached over 728 wallets since its creation.
Platform Flaws Create Social Engineering Opportunities
Underlying security practices at major crypto companies are creating additional vectors for attack. Security researchers recently flagged a feature on Coinbase Commerce that instructs users to enter their seed phrases directly into a web form to perform withdrawals. Blockchain investigators, including ZachXBT, warned that attackers could easily replicate this process in phishing campaigns to trick users into handing over full control of their wallets. This process deviates sharply from industry security standards, which advise users never to input recovery phrases into any online form. The incident highlights how even legitimate platform functions, when poorly designed, can be exploited through social engineering, compounding risks for investors navigating the digital asset market.