TL;DR
Fell for a phishing scam disguised as X Support, scammers gained access to our account, reset passwords, and enabled 2FA. They posted fraudulent messages, which we immediately countered.
Paused marketing, engaged a security firm & UK cyber crime division, and took down a second wave of scam posts.
Worked with X contacts via partners. X locked down the account and provided recovery steps. Within 10 minutes, we regained full control.
Strengthened security measures, applied for a Gold Checkmark, and resumed engagement with IDO partners.
Our Twitter/X account is not linked to any user data and there has been no risk of user data being leaked.
Our biggest learning, not treating our Social Media accounts with the same level of scrutiny as our core application.
Friday, Jan 31th
Our X account has been fully restored, and we are now in the process of applying for a Gold Checkmark to further secure our presence. To reinforce security, an external security firm is conducting an in-depth review, while our internal audit has strengthened key systems with enhanced security measures. Additionally, we are implementing new security protocols, increasing team training, and ensuring that best practices are followed to prevent future incidents. With these safeguards in place, we are now actively re-engaging with our IDO partners to resume the IDO process and move forward with confidence. 🚀
Thursday, Jan 30th - Afternoon
At 1pm CET, one partner confirmed he had spoken with someone in X who could help and that that person would look into things, and that we should expect an email shortly. Around 4 PM CET, X Support responded, confirming that they had locked down the account and logged everyone out, and sent us instructions on next steps to regain control. Within 10 minutes after receiving the help from X Support our marketing team had regained control of the account. We were relieved and excited to announce the good news and are incredibly grateful to our community and everyone who supported us throughout this process. Your patience, vigilance, and trust mean the world to us!
Thursday, Jan 30th - Morning
We continued reaching out to X Support and closely monitoring our account for any further suspicious activity. Additionally we confirmed with two different partners that they would speak to X on our behalf to escalate our case.
With still no concrete word from X and a desire to be transparent and open with our community, we published the announcement below to Telegram and Discord.
""Important Update on Our IDOs & TGE We have made the decision to pause our IDOs until we have resolved the issue with our X account access. We have multiple parties now working to expedite this process with X, external security companies and the UK police.
We strongly believe that running a successful IDO requires full access to all of our communication channels and no doubt in anybody's mind that all channels are fully in the control of our team.
It is our current understanding that these issues take around 48 hours - 2 weeks to resolve. With this uncertainty we as a team believe our best path forward is to give our representatives and the team at X a bit more time to resolve this unfortunate situation.
Therefore we have instructed our LaunchPad partners to put our IDO on hold.
We are now, and have been since the beginning of this incident, trying to do everything in our power to keep our community and future token holders safe and confident in the knowledge that we have their best interests at heart.
We appreciate your patience and understanding during this time and your continued support in combating false messages from the compromised X account (please use the report post feature).
We will be publishing a LIVE UPDATE thread on our blog in the coming hours where you will all be able to check out the latest, in a bid to be as transparent about everything going on as possible.
Thank you for being part of this incredible community and the Hivello journey. We are confident we will have good news about the X account soon, along with more clarity on the dates and details of our token launch.""
Wednesday, Jan 29th
Throughout Wednesday, we regrouped and explored all possible ways to escalate the situation and secure faster support to fully regain access to our account. We reached out to more partners and informed our community, ensuring they were aware of the issue. Since no scam posts were made during the day, we continued closely monitoring the account. At the same time, we paused all marketing efforts, especially around our IDO, to prevent any confusion or further risk to our community. However, a few previously scheduled posts still went out as planned.
We engaged the services of a forensic security firm to investigate the scammers and their illegal activity to try and figure out who they were. We also prepared a report of everything we knew about what had happened for the cyber crime division of the UK police.
Later that evening, around 11 PM CET, we noticed a second wave of fraudulent posts appearing on our account. We acted immediately, reporting them and ensuring they were taken down. Our top priority remained protecting our community from scams and keeping them informed. After that, no further scam posts were made for the rest of the night.
Tuesday, Jan 28th, 1PM - CET
We received an email claiming to be from X Support, stating that some of our content needed to be appealed and warning that if we fail to do so that our account would be suspended. The message created a sense of urgency, saying we had only 24 hours to resolve the issue or our account would be permanently suspended. With our IDO just days away and a lot of pressure to deliver marketing across a half dozen channels, in that busyness a human error was made. A situation very common and in fact engineered by the scammers.
A member of our social media team acted quickly, rushing to submit an appeal assuming that they were in fact interacting with X. The mistake was innocent and honest and played into exactly what the scammers were hoping for.
The scammers cloned the X Help Center and used an email template identical to official X communications we are used to receiving. Within the fake website, they prompted us to respond to the suspension notice, verify our account by logging into the X help center. Unfortunately, by entering our credentials, they got exactly what they came for—access to our account.
They immediately changed our password and implemented new 2fa effectively locking out our ability to use the Forgot Password function. Within 4 minutes our social media team had escalated the issue to our CMO, Head of Operations and CTO. A few minutes later we had uncovered the true nature of what had happened and contacted X Premium Support to help us resolve the issue. Around 8 PM CET, the scammers posted their first fraudulent messages. We acted immediately, reporting the posts, issuing warnings in the comments, and recruiting the help of our awesome community to also jump into the comments and call out the scammers. In a bid to scam our community the scammers set up pump.fun and fake HVLO Contracts.
We activated our community mods, agency partners and began calling all stakeholders, from launchpads to investors and media partners. Looking for advice, and any connection we might be able to use to get X support to move more quickly. We began monitoring the account 24/7, jumping onto every scam post as they appeared. After that initial wave, no further posts were made for the rest of the night.