The official X account for Milwaukee Mitchell International Airport (MKE) was compromised by cryptocurrency scammers on Thursday. The hackers began posting a significant amount of cryptocurrency-related content and messages concerning the alleged capture of Nicolás Maduro in Venezuela. Many of the posts were reposts from the official @Bitcoin X account.
Hackers Promote Crypto on the Stolen Page
The scammers altered the handle of the verified MKE – Milwaukee Airport X page. The compromised account was subsequently renamed @TheHodaLaw, featuring the Hoda Law Firm in its profile picture and a cover photo that directed users to the firm's website.
In an attempt to legitimize their operation, the hackers pinned a message to the account. This message warned users about cryptocurrency fraud and falsely promised assistance in recovering stolen funds, including a prominent call to action and a button for private messaging.
The official website for Milwaukee Mitchell International Airport initially contained a link to the hacked X account. However, this link redirected users to an "This Account Doesn’t Exist" page on X, indicating the account had been changed. The legitimate X account handle for the airport was @mitchellairport.
Harold Mester, the public affairs director for Milwaukee Mitchell International Airport, confirmed to WISN 12 News that the airport had reported the issue to X and was awaiting the restoration of access to their account. Mester also stated that the airport's security team was investigating the incident and considering contacting law enforcement if necessary.
The Real Hoda Law Firm Responds
The Hoda Law Firm, whose name was used by the scammers on the compromised account, issued a response to local news outlets. Marshal Hoda, the owner of the law firm, stated that he was unaware of the hacking incident.
The Hoda Law Firm, based in Texas, specializes in assisting victims in recovering funds lost to cryptocurrency scams. The firm has previously filed lawsuits against foreign hackers on behalf of clients who were victims of crypto scams.
Hoda speculated that an adversary might be responsible for this impersonation. He explicitly stated, “This has nothing to do with our firm and urge everyone to stay away — these are presumably scammers trying to trade on my firm’s hard-earned reputation to take more money from scam victims.”
Following the incident, the Hoda Law Firm added a warning to its homepage addressing the impersonation.
Cybersecurity researchers have advised users to refrain from interacting with the compromised X account until the situation is fully resolved.
Crypto Hackers Continue to Target Major X Accounts
Over an extended period, cryptocurrency hackers have repeatedly targeted and taken over numerous verified X accounts to propagate Bitcoin scams.
In December, the X account belonging to SimpleX Chat was also hacked. The attackers exploited the compromised account to promote a fraudulent website designed to trick users into linking their cryptocurrency wallets.
SimpleX reported that the perpetrators utilized the "delegate" feature available on X. This feature allowed third-party profiles to gain posting privileges on business accounts.
The hacker gained access to the @SimpleXChat account. Shortly thereafter, a post was published promoting a fake program titled "Perpetuals Early Access," which included a link to a deceptive website.
The deceptive post invited users to become founding members of a perpetual communication network. The primary objective was to entice users into clicking a "Connect Wallet" button, mimicking legitimate Web3 projects.
SimpleX successfully regained control of its X account. Community members had reported the fraudulent post before it was removed. Evgeny Poberezkin, the founder of SimpleX, stated that the attackers had blocked his personal account during the breach to prevent him from issuing public warnings.