Hackers gained access to Sheffield United football team’s official X account on Monday afternoon, using the verified profile to promote a fraudulent cryptocurrency token.
The attackers took advantage of the football club’s reputation and existing partnership with its principal partner, Maneki, a cryptocurrency on the Solana blockchain, to create an illusion of legitimacy for the fake $SUFC token.
The compromised account posted images of Sheffield United players alongside a fabricated announcement claiming the club had officially entered the cryptocurrency market via Solana. The post included a wallet address and promises of exclusive fan experiences, loyalty rewards, voting rights on club decisions, and access to limited merchandise drops.
How the Attack Unfolded
The hackers’ strategy involved multiple posts designed to build credibility for the scam. Initial messages referenced a supposed strategic partnership with Solana, attempting to capitalize on Sheffield United’s actual blockchain collaborations. They then shared old videos of the team for marketing purposes to make it look more real.
The fraudulent $SUFC token appeared on cryptocurrency tracking platforms within minutes of the hack. Its price dropped after a suspected dump, and approximately $2.4m traded within an hour.
Sheffield United’s Official Response
Sheffield United swiftly published an alert across its official channels, confirming the unauthorized access to its X social media account. The club stated on its website, reading,
“Due to an online attack, Sheffield United’s X social media account has been temporarily compromised. Any posts, interactions, or private messages made from the account are not authorized by the club.”
The football club assured supporters they were working to regain control of the account and warned fans against interacting with cryptocurrency promotions. Their security team began coordinating with platform administrators at X to secure their profile and investigate the breach.
Aftermath of the Hack
Once users began questioning the account’s legitimacy, the hackers abandoned their professional facade. They started trolling Sheffield United’s arch-rivals, specifically targeting Sheffield Wednesday’s captain, Barry Bannan, with mocking comments.
The hackers then shifted focus from Bannan, following up with another post reading: “Let’s forget Barry Bannan. New topic: MUFC > City.”
The compromised account also blocked numerous fans who questioned the legitimacy of the posts. After being unable to interact with the main profile, these supporters contacted Sheffield United’s fan services account for assistance.
Red Flags Exposing the Scam
Several indicators revealed the fraudulent nature of the $SUFC token promotion despite its appearance on a verified account:
- The token’s extremely young age coincides precisely with the hack
- Abnormally high 24-hour trading volume for a newly launched token
- Grammatical errors and stylistic inconsistencies in promotional content
- Lack of link to official website story
Technical analysis of the token contract showed classic signs of a “pump and dump” scheme, with the contract creator maintaining significant control over the token supply and liquidity pools. One should always conduct their own research before purchasing or selling cryptocurrency and validate any claims from organizations or individuals.
Once the account was back in Sheffield United’s hands, the fraudulent posts and replies were deleted, although some people remain blocked. The club has yet to make a statement following the return of the account.
READ MORE: Hackers Demand $20M in Bitcoin from Coinbase
