Watcher.guru Twitter/X Compromise XRP Price Manipulation
Watcher Guru is a prominent finance news platform focused on cryptocurrency, blockchain, and decentralized finance, aiming to support the transition to a decentralized financial system through fast, reliable content and real-time alerts. On March 5, 2025, their Twitter/X account was compromised after the team reportedly accessed a suspicious Twitter-based link, leading to a false post about SWIFT and Ripple. The post spread automatically across their platforms but was removed within minutes. Watcher Guru updated their credentials and contacted Twitter/X for clarification, though the exact cause and any financial impact remain unclear.[1][2]
About Watcher.guru
Watcher Guru is a leading finance news platform with a strong focus on cryptocurrency, blockchain, and decentralized finance. They describe their mission as supporting a global shift toward a decentralized financial system by delivering reliable and high-quality content through a dedicated team of reporters and media professionals.
They aim to publish fast, headline-style alerts to get information out immediately, even before full articles are ready. This allows readers to stay ahead in a market where timing can make a big difference.
They also provide financial tools like charts to help users better understand the market. Their news alerts are available across all major social media platforms, including Twitter, Telegram, Facebook, Instagram, and Discord.
The Reality
On March 5th, Watcher.guru reported having been presented with, and accessing, a suspicious link which was part of the Twitter website. They believe that accessing this link may have contributed to the later exploit of their account.
What Happened
On March 20th, Watcher.guru's Twitter account posted an unauthorized Tweet, which claimed that XRP was integrating with the SWIFT system.
| Date | Event | Description |
|---|---|---|
| March 5th, 2025 6:09:00 AM MST | Watcher.guru Suspicious Link | Watcher.guru reports being tricked into clicking on a suspicious link with /c/ and a tts_token included in the URL. The team sent a message to Christopher Stanley, who is in charge of security at Twitter/X, to get more detail about the potential implications of the link. |
| March 20th, 2025 8:05:00 PM MDT | Unauthorized Tweet Posted | The Watcher.guru Twitter/X account posts a tweet |
| March 20th, 2025 11:32:00 PM MDT | Watcher.guru Announces Unauthorized Tweet | Watcher.guru reports that on March 21st at 2:05 AM UTC, an unauthorized post was made to their X account, which was promptly deleted within minutes. The post was automatically redistributed across their social media platforms via a reposting bot. Despite having 2FA, no connected apps, and no API usage, they suspect a possible compromise involving an X employee, similar to a recent incident affecting another account. All devices were logged out, passwords reset, and affected posts removed. The attacker also blocked Ripple and Brad Garlinghouse, likely to delay any response debunking the false post. Watcher.guru is currently investigating the source of the breach with assistance from X. |
Technical Details
The specific tweet reads as follows:
"JUST IN: SWIFT nearing agreement with Ripple to use $XRP for cross-border payments, with billions of $XRP secured in escrow as liquidity reserves."
Watcher Guru's headquarters is located in Houston, Texas, United States. Houston operates on Central Time (CT), which is UTC−6 during Standard Time and UTC−5 during Daylight Saving Time. Therefore, the message to Christopher Stanley is suspected to have been sent on March 5th, 2025 at 6:09 AM Mountain Time.
Total Amount Lost
It is unclear what specific losses happened. Any losses are suspected to be related to movements in the price of XRP.
No funds were lost.
Immediate Reactions
The post was automatically reposted across other social networks such as Telegram, Facebook, and Discord. This is because Watcher.guru has an automated system to perform this reposting based on the initial post.
Watcher.guru reported that the post was removed within a few minutes.
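The automatic redistribution described above is what carried one unauthorized post onto several platforms before it could be deleted. The following Python example is added here for illustration and is not Watcher.guru's system or code from this case study: it shows a cross-posting relay that holds each source post for a quarantine window and drops it if the source post is deleted in the meantime. The class names, the target list, the 600-second window and the sample posts are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field

HOLD_SECONDS = 600  # assumed quarantine window, longer than "a few minutes"

@dataclass
class Post:
    post_id: str
    text: str
    created_at: float      # seconds on the relay's clock
    deleted: bool = False  # set when the source account removes the post

@dataclass
class HoldingRelay:
    """Hypothetical cross-poster: releases a post only after it survives the hold."""
    targets: list
    hold_seconds: int = HOLD_SECONDS
    pending: dict = field(default_factory=dict)
    released: list = field(default_factory=list)  # (target, post_id) pairs
    dropped: list = field(default_factory=list)   # post_ids never redistributed

    def ingest(self, post):
        self.pending[post.post_id] = post

    def mark_deleted(self, post_id):
        # Called when the source platform reports the post as removed.
        if post_id in self.pending:
            self.pending[post_id].deleted = True

    def tick(self, now):
        # Copy the items so entries can be removed while iterating.
        for post_id, post in list(self.pending.items()):
            if post.deleted:
                self.dropped.append(post_id)
                del self.pending[post_id]
            elif now - post.created_at >= self.hold_seconds:
                self.released.extend((t, post_id) for t in self.targets)
                del self.pending[post_id]

def simulate():
    # Constructed timeline: one routine post, then one unauthorized post
    # that the account owner deletes a few minutes after it appears.
    relay = HoldingRelay(targets=["telegram", "discord", "facebook"])
    relay.ingest(Post("legit-1", "constructed routine headline", created_at=0))
    relay.tick(now=700)               # legit-1 has aged out of the hold
    relay.ingest(Post("unauth-1", "constructed unauthorized headline", created_at=1000))
    relay.tick(now=1100)              # unauth-1 is still inside the hold
    relay.mark_deleted("unauth-1")    # owner removes the source post
    relay.tick(now=1700)              # would have been due, but is dropped
    return relay
```

The hold trades alert speed for containment, which matters for an outlet whose product is fast headline alerts; the window has to exceed the time the team realistically needs to notice and delete a bad post.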
Ultimate Outcome
Watcher.guru changed all credentials and reportedly reached out to the Twitter/X team for further clarification.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Ongoing Developments
It is unclear if Twitter/X gave any explanation for how the Watcher.guru account was exploited.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- [1] Watcher.guru - "Our X account was hacked today. We sent a message to an X employee two weeks ago after we suspected an attempt was made to compromise our account." - Twitter/X (Accessed May 12, 2025)
- [2] Watcher.guru Homepage (Accessed May 12, 2025)