Tron DAO Fake Token Twitter/X Account Compromised
Notice: This page is a freshly imported case study from the original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. Please help restructure the content by moving information from the 'General Prevention' sections to other prevention sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Tron DAO is a community-governed organization overseeing the TRON blockchain ecosystem, which supports decentralized applications across gaming, finance, multimedia, and more. In May 2025, Tron DAO’s X (Twitter) account was compromised via a social engineering attack targeting a team member, leading to unauthorized posts, scam direct messages, and roughly $45,000 stolen through a fraudulent contract. While the breach did not affect TRON’s core blockchain infrastructure, it exposed vulnerabilities in access controls and security training. Tron DAO quickly regained control, issued warnings, and continues to investigate the incident in collaboration with law enforcement, urging the community to remain vigilant as the perpetrators have yet to be identified or apprehended.[1][2][3][4][5][6][7][8][9][10][11][12][13][14]
About Tron DAO
TRON DAO is a decentralized autonomous organization (DAO) that governs the TRON blockchain ecosystem. Originally founded in 2017 as the TRON network, it transitioned to a DAO structure in December 2021 to emphasize community-driven governance. The platform's core mission is to empower decentralized commerce and community on a global scale by supporting the development of decentralized applications (dApps) and financial tools. With over 311 million accounts and more than 10.5 billion transactions, TRON has positioned itself as one of the most active blockchain ecosystems in the world.
The TRON DAO focuses on enabling developers and users alike through robust infrastructure, educational resources, and accessible tools. Its architecture supports a wide range of applications across industries like gaming, finance, multimedia, and digital art. The platform promotes low barriers to entry, allowing individuals at any experience level to build, test, and deploy blockchain projects through its TestNet and developer tutorials.
In addition to supporting development, TRON DAO is actively involved in fostering innovation through initiatives like TRON DAO Ventures. These efforts aim to decentralize the web further and scale Web3 adoption. TRON also provides knowledge resources like TRONpedia to demystify blockchain and crypto concepts for users of all backgrounds. Ultimately, TRON DAO seeks to become the foundational infrastructure for decentralized money and community, shaping how value is exchanged globally.
The Reality
Unfortunately, Tron DAO appears to have lacked sufficient preventative safeguards, particularly in areas like access control, employee security training, and incident response readiness. The multi-factor authentication may not have been enforced or properly configured, and the team member targeted may not have been adequately equipped to detect or resist phishing tactics.
What Happened
A hacker gained control of Tron DAO’s X account through a social engineering attack on a team member, using it to post a fake contract address and solicit payments, resulting in approximately $45,000 in losses.
| Date | Event | Description |
|---|---|---|
| May 2nd, 2025 5:17:00 AM MDT | Token 2049 Post Made | Tron posts about Token 2049, which is the last legitimate post prior to the compromise. |
| May 2nd, 2025 11:25:00 AM MDT | Account Compromise Timestamp | The reported timestamp of the Tron DAO Twitter/X account being compromised. |
| May 2nd, 2025 6:17:00 PM MDT | Tron DAO Compromise Tweet | Tron DAO posts on Twitter/X: On May 2, 2025, from 9:25 AM PST, Tron DAO’s X (Twitter) account was compromised in a targeted social engineering attack. During the breach, an unauthorized party published a fake contract address, sent direct messages, and followed unknown accounts. Tron DAO emphasized it will never post contract addresses or send unsolicited DMs. Users who received messages during that time should delete them immediately. The attack stemmed from a team member’s compromised account, and the perpetrator continued attempts to exploit the situation even after access was restored. Suspected accounts linked to the attacker include @flacadivinaroja and @behisollg on X, and @EmanAbioo on Telegram. Tron DAO is actively investigating and working with law enforcement to resolve the matter. |
| May 3rd, 2025 5:12:00 AM MDT | Star Xu Claims No Receipt | In response to public accusations that a request was sent from law enforcement to freeze funds related to the account breach, Star Xu from OKX claims they have double checked and never received anything related to the incident. |
| May 3rd, 2025 5:21:00 AM MDT | Justin Sun Private Message | Justin Sun proposes to send the original email message from law enforcement to Star Xu via private message. |
| May 3rd, 2025 8:53:54 PM MDT | CoinTelegraph OKX Article | CoinTelegraph reports that OKX has pushed back against allegations from Tron founder Justin Sun, who claimed the exchange ignored a law enforcement request to freeze funds stolen during the May 2 hack of Tron’s X account. OKX CEO Star Xu stated that the exchange had not received any official communication regarding the freeze, even after checking spam folders, and criticized Sun for expecting action based on a social media post or verbal message. Xu called on Sun to provide a screenshot of the request to verify his claims. The incident follows a broader pattern of recent crypto-related security breaches on X. |
| May 5th, 2025 9:14:21 PM MDT | CoinTelegraph Impact Article | CoinTelegraph reports that the recent hack of Tron DAO's X account resulted in approximately $45,000 in losses for victims, according to a Tron spokesperson. The attacker used the compromised account on May 2 to post a fake contract address and send direct messages offering paid promotions. Tron quickly regained control and confirmed the breach was the result of a social engineering attack on a team member. The team is still investigating and working with law enforcement, while also noting possible similarities to a May 3 hack of the New York Post’s X account. Tron founder Justin Sun has also accused OKX of not acting on a freeze request for the stolen funds, a claim OKX CEO Star Xu denies. |
| May 6th, 2025 10:33:00 AM MDT | Warning Community To Be Cautious | Tron DAO urges the community to stay vigilant and reminds everyone that they will never ask for payments via direct messages or shared links. |
Technical Details
The breach, attributed to a social engineering attack targeting a team member, led to unauthorized posts containing a contract address, unsolicited direct messages, and the following of unfamiliar accounts.
The Tron DAO X account breach appear to center around a social engineering attack rather than a direct exploitation of software vulnerabilities or platform infrastructure. According to Tron DAO, the attacker targeted a team member and successfully compromised their access credentials. Social engineering attacks typically involve manipulating a person into revealing confidential information—such as login credentials—via phishing emails, fake login portals, or impersonation tactics. Once the attacker gained control of the team member’s account, they used that access to take over Tron DAO’s official X (Twitter) account.
With control of the account, the attacker published a malicious smart contract address and began sending unsolicited direct messages (DMs) to Tron DAO’s followers. These messages falsely offered promotional opportunities and asked for payments, thereby exploiting the trust followers had in the verified account. The attacker also followed unfamiliar accounts, likely in an attempt to expand their reach or give legitimacy to associated fraudulent campaigns.
Total Amount Lost
Approximately $45,000 was stolen through a fraudulent contract address and unsolicited direct messages.
The total amount lost has been estimated at $45,000 USD.
Immediate Reactions
Once the intrusion was detected, Tron’s security team swiftly revoked access and restored control. Tron DAO promptly secured the account and issued a public warning, emphasizing that they never solicit payments via direct messages and advising users to delete any received messages from that day. The organization also identified several accounts believed to be associated with the attacker.
Tron DAO did not report any breach of its blockchain infrastructure, smart contracts, or wallet systems—only its social media presence was compromised.
Ultimate Outcome
The hack of Tron DAO's X account remains unresolved. Despite regaining control of the account, no funds have been recovered, and the perpetrators have not been identified or apprehended. The community is advised to remain vigilant against similar scams.
Total Amount Recovered
As of the latest reports, no lost funds have been recovered from the Tron DAO X account hack. Tron DAO has confirmed approximately $45,000 was stolen, and while they are actively investigating and working with law enforcement, there has been no public indication that any of the funds have been retrieved.
There do not appear to have been any funds recovered in this case.
Ongoing Developments
Tron DAO continues to investigate the incident and is in communication with law enforcement. The team continues to analyze how the breach occurred, assess its full impact, and work with law enforcement to identify those responsible. Tron also noted possible links to other recent hacks, such as the New York Post’s X account, but said it's too early to confirm any connection.
General Prevention Policies
The incident highlights the need for enhanced multi-factor authentication (MFA), secure credential management, and employee training on phishing and social engineering tactics to prevent similar breaches in the future.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Tron DAO - "We’re aware that our X account was compromised from 9:25 AM PST on May 2, 2025. During this time, an unauthorized party published a post containing a contract address (CA), sent direct messages (DMs), and followed various accounts unknown to us." - Twitter/X (Accessed Jun 4, 2025)
- ↑ Tron DAO Twitter/X (Accessed Jun 4, 2025)
- ↑ Tron Logo - 1000Logos.net (Accessed Jun 4, 2025)
- ↑ Star Xu - "Dear Mr H.E. Justin Sun, our LE cooperation team just checked the email including spam box, we haven’t received any request related with this case. Can you give us the screenshot to show when the enforcement agency send the request to us? @justinsuntron" - Twitter/X (Accessed Jun 4, 2025)
- ↑ [@justinsuntron" - Twitter/X @justinsuntron" - Twitter/X] (Accessed Jun 4, 2025)
- ↑ Tron DAO Homepage (Accessed Jun 4, 2025)
- ↑ Lpphong - Original Post By Justin Sun - Twitter/X (Accessed Jun 4, 2025)
- ↑ Star Xu - "Dear Mr H.E. Justin Sun, OKX has public LE cooperation policy. You can offer some preliminary evidence of the incident through the public reporting channels, we will do a temporary urgent freeze according to the evidence. Then you should work with LE agents to offer us legal documents to continue the freeze. OKX also has consumers protection policy according to law, we can’t freeze a customer’s funds according to your personal X post or an oral communication. I think you should understand it as the CEO of HTX." - Twitter/X (Accessed Jun 4, 2025)
- ↑ Justin Sun - "will send you privately" - Twitter/X (Accessed Jun 4, 2025)
- ↑ Tron says DAO X hack cost victims $45K, Curve Finance also hit - CoinTelegraph (Accessed Jun 4, 2025)
- ↑ OKX fires back at Tron’s Justin Sun over mysterious ‘freeze notice’ - CoinTelegraph (Accessed Jun 4, 2025)
- ↑ TRON's X Account Hacked in Social Engineering Attack - A Invest (Accessed Jun 4, 2025)
- ↑ TRON’s X account hacked in the latest social engineering attack - CryptoSlate (Accessed Jun 4, 2025)
- ↑ Tron DAO - "We ask the community to stay vigilant. We will never ask for payments via DM or shared links." - Twitter/X (Accessed Jun 4, 2025)