Hackers have reportedly taken over the New York Post’s verified X (formerly Twitter) account to target members of the crypto community with fake interview offers and phishing attempts.
Several users have reported receiving suspicious direct messages from the account, inviting them to appear on a podcast and follow up via Telegram—a common platform used in crypto scams.
Fake Interviews Used to Lure Victims
The scam first surfaced on May 3, when Kerberus CEO Alex Katz shared a screenshot of a direct message, which appeared to come from journalist Paul Sperry via the official @nypost account. The message invited users to participate in a podcast interview.
Cybersecurity expert and NFT collector “Drew” noted a key difference from previous hacks: rather than publicly sharing a malicious link or wallet address, the attacker instead sent private messages and blocked recipients from replying. This tactic likely helped delay detection of the breach by the New York Post’s team.
Zoom Now a New Vector for Crypto Scams
Others in the crypto space, including Donny Clutterbuck of the NFT Ordinals project Fomojis, said they were also contacted. He suggested the scam might involve a Zoom exploit—where enabling audio during a video call could inadvertently grant network access to the attacker.
Zoom has become an increasingly common tool for crypto scams. In April, Emblem Vault CEO Jake Gallen warned users after losing $100,000 in crypto assets during a Zoom call arranged via X. The attacker reportedly installed malware during the session, draining his wallets.
Pattern Mirrors Other Recent Social Media Breaches
Blockchain investigator ZachXBT noted that this incident closely resembles a recent hack of The Defiant’s X account, where attackers also sent direct messages to crypto users as part of a broader phishing campaign.
So far, the New York Post and journalist Paul Sperry have not issued any statements about the breach, and no warning has been posted on their X profiles.
This isn’t the first time the New York Post’s X account has been compromised. In 2022, an internal employee used it to publish offensive fake headlines.
