Watcher Guru’s X Account Hacked to Spread Fake News
Crypto-focused media outlet Watcher Guru confirmed that its official X account was hacked to promote a fake report claiming Ripple and SWIFT were close to a deal to use XRP in global payment systems.
Unauthorized Post Sparks Confusion
The unauthorized post went live on March 21 at 2:05 A.M. UTC. It falsely stated that Ripple would soon partner with SWIFT and that billions of XRP had been locked in escrow as liquidity reserves.
- The post quickly gained attention and sparked excitement in the XRP community.
- Many users believed the false report to be true.
Clarification by Watcher Guru
Shortly after, Watcher Guru clarified the situation, confirming that the post did not come from their team. They stated:
“Our X account has been hacked and the previous post (now deleted) was posted by a hacker. We have 2FA enabled and have taken extreme measures to avoid hacks.”
Reposting Bot Amplifies the Issue
Due to automation, the same false report was shared on Watcher Guru’s other social media accounts, including Telegram, Facebook, and Discord. The team said the reposting bot pushed the content to all channels before the issue was spotted.
Attacker’s Actions
Watcher Guru stated that the attacker had blocked Ripple’s official X account and that of its CEO Brad Garlinghouse to “presumably slow down a ‘false report’ response from their team.”
Understanding the Breach
Watcher Guru believes the breach may have started weeks earlier, as its team had received a suspicious X link through Telegram on March 5. According to the team:
“We noticed the link was formatted in a strange way. It was an official X Developer staging site using X’s official domain, however it included a specific path and ‘token’ query string which X links do not normally have.”
Watcher Guru added that while it cannot confirm that the link caused the hack, its breach resembled that of DB News, another crypto media outlet.
According to Watcher Guru, its account, like that of DB News, had two-factor authentication enabled and no connected apps, and no API tokens were used to post the false information.
“At this time, we have not yet determined the exact source or method behind the hack. All unauthorized posts have been removed, and our account has been secured. We are contacting X for further clarification.”