Tron DAO Hack Nets $45K in Scam Funds as Curve Finance Also Hit by X Account Breach

The official X (formerly Twitter) accounts of Tron DAO and Curve Finance were recently hijacked by scammers, adding to a troubling wave of high-profile account breaches targeting major players in the cryptocurrency space.

According to a Tron spokesperson, the hacker who gained control of the Tron DAO X account on May 2 managed to solicit approximately $45,000 through fraudulent posts. The attacker reportedly shared a contract address and sent direct messages to users offering paid promotions — all under the guise of being from the official Tron team.

“Our security team quickly identified the intrusion and cut off access to the hacker, but we ask the community to continue to be vigilant,” the Tron team told Cointelegraph. “We will never ask anyone for payments like this via DM or otherwise.”

Source: Tron DAO

Social Engineering Suspected in Tron Breach

Tron DAO has since regained control of the account and believes the compromise stemmed from a malicious social engineering attack that targeted one of their team members. Despite regaining access, the scammer continued to contact users, falsely offering promotional posts in exchange for crypto payments.

Tron founder Justin Sun also alleged that crypto exchange OKX failed to act on law enforcement’s request to freeze the stolen funds. However, OKX CEO Star Xu denied the accusation, and Sun later deleted his post.

While the full scope of the breach remains under investigation, Tron has hinted at possible links between its own hack and the May 3 breach of the New York Post’s X account, though emphasized that “any definitive connection would be premature.”

Curve Finance Account Hijacked by Scammer Promoting Fake Airdrop

On May 5, Curve Finance, a major decentralized finance (DeFi) protocol, was also targeted. A scammer posing as the platform used its X account to promote a fake CRV airdrop, prompting immediate suspicion from members of the crypto community.

Curve Finance founder Michael Egorov confirmed the hack, stating that the attacker had silently taken control of the account without compromising other systems. “No other account appears to be hacked — the control over X account was just silently taken by someone,” he replied to analyst CrediBULL Crypto.

Source: CrediBULL Crypto

Cybersecurity collective SEAL assisted Curve in recovering the account. During the breach, the hacker not only posted scam links but also blocked users who attempted to warn others about the attack, including CrediBULL Crypto.

Curve has not yet disclosed the technical details behind the breach. In response to user inquiries, the team said there is “no sign of any client-side compromise,” and the method of access remains “unclear.”

Growing List of Crypto-Related X Account Hacks

These incidents add to a rising number of high-profile crypto-related X account hacks in 2025:

• April 15: UK Member of Parliament Lucy Powell had her account hijacked to promote a scam token called House of Commons Coin (HOC).

• March 15: The account of crypto data platform Kaito AI, along with its founder Yu Hu, was compromised. Hackers falsely claimed user funds were at risk.

• February 26: The Pump.fun X account was hacked and used to promote fraudulent tokens, including a fake governance token for the platform.

The trend highlights the continued vulnerability of social media platforms used by crypto firms and influencers, with attackers relying heavily on phishing, social engineering, and third-party service vulnerabilities.

Source: Curve Finance

Industry Response and Recommendations

Security experts urge crypto projects and public figures to implement multi-factor authentication (MFA), audit account access, and monitor for suspicious activity. Additionally, platform providers like X have faced criticism for failing to provide sufficient account recovery support and breach prevention tools for high-risk accounts.

As investigations into the Tron and Curve breaches continue, both firms stress the importance of community vigilance and caution against interacting with unsolicited messages or links.