IFTTT App Blamed for ‘Packy’ Token Scam on X

A recent wave of scam posts on X, a popular platform, has been attributed to a third-party auto-posting service called IFTTT (If This Then That). The scams involved promoting a meme token called “$PACKY” and encouraging users to send Solana (SOL) to a specific wallet address. Influential figures in the crypto world, including a16z adviser Packy McCormick and Coinbase product director Scott Shapiro, had their accounts compromised by scammers. McCormick alerted his followers to the hack and urged them not to click on any links or send money to random addresses.

McCormick later revealed that the hacker gained access to his account through IFTTT, a service he had given access to Twitter years ago. He advised users to revoke access to connected apps as a precautionary measure. IFTTT is an online platform that allows users to create automated workflows between various internet-based applications and services. ZachXBT, a blockchain investigator, also came to the same conclusion, further solidifying the link to IFTTT.

The scam posts affected other high-profile individuals in the crypto space, such as Justin Kan, co-founder of Twitch, and Bryan Brinkman, a digital pop artist. These individuals confirmed that their IFTTT accounts were compromised and apologized to their followers. They emphasized the importance of staying vigilant, even when using security measures like two-factor authentication.

Scott Shapiro, the Coinbase product director, cautioned against connecting older third-party apps, as they may pose security risks. He highlighted the need to revoke access to outdated apps, as many authentication tokens remain active for years. The hacker also targeted the accounts of Mike Demarais, co-founder of the Web3 explorer app Rainbow, and Joe McCann, founder and CEO of Asymmetric Finance.

It is worth noting that IFTTT did not respond to a request for comment from regarding the incident. X, the platform where the scams occurred, has been known to be a breeding ground for illicit activities, scams, and hacking incidents. This includes even the compromise of the official account of the U.S. Securities and Exchange Commission, which took place just a day before the regulator approved spot Bitcoin ETFs in January.