The social media platform formerly known as Twitter, now known as X.
These accounts, which have been independently verified by X as belonging to high-profile organizations or celebrities, are being sold for up to $2,000 on underground marketplaces.
A research firm has discovered a surge in these accounts appearing in underground dark web markets, dubbing it a hot "Gold Rush".
Dark web leak
Cybercriminals are employing brute-force tactics or malware to steal passwords and credentials, gaining access to existing Gold accounts. Neither of these has been confirmed by X.
Additionally, they are taking over inactive non-Gold accounts associated with legitimate organizations and upgrading them to verified status.
Underground dark web forums and dark web markets are offering hundreds of these accounts, which have a reach of tens of thousands of followers.
The research reveals that Dark Web marketplaces are flooded with advertisements selling Twitter Gold accounts, with prices ranging from $35 for basic accounts to $2,000 for accounts with a substantial following.
Malicious actors who purchase these accounts can utilize them for various nefarious activities, including hosting phishing links, launching disinformation campaigns and financial scams, and tarnishing brand reputation through damaging content.
Vitalik Buterin Case
Vitaly Dmitrievich Buterin, better known as Vitalik Buterin, is a Russian-Canadian computer programmer and co-founder of Ethereum.
The researchers highlighted the danger posed to organizations by sharing an example from September, where cyber attackers took control of an X account belonging to Vitalik Buterin, the co-founder of Ethereum.
They then tweeted an offer for supposedly free nonfungible tokens (NFTs), embedding a malicious link that redirected users to a fraudulent website designed to drain cryptocurrency from their wallets.
In just 20 minutes, the hackers managed to steal a staggering $691,000 worth of digital assets before removing the fraudulent post.
With gold checkmarks
To protect against X account takeover, organizations should regularly monitor brand mentions on Twitter and implement robust password policies. Effective brand monitoring involves identifying fake profiles, unauthorized product listings, misleading advertisements, and malicious content.
SEC case, fake Bitcoin ETF approval