SlowMist: A Guide to Securing Your X Account with a Safety Checkup

8/16/2024, 2:08:28 AM
Intermediate
SocialFi, Security
This article offers a comprehensive guide on how to conduct a security checkup on your account, covering how to review authorized apps, check delegation settings, and monitor login activity and devices. It also recommends activating two-factor authentication (2FA) and setting up extra password protections to strengthen your account's security.

Background Overview

There has been a recent surge in incidents where Web3 projects or public figures have had their X accounts hacked and used to post phishing tweets. Hackers employ various techniques to steal user accounts, with some of the more common methods including:

  • Tricking users into clicking on fake Calendly or Kakao meeting invitation links, which then allow the attackers to hijack account permissions or take control of users’ devices;
  • Sending direct messages that lure users into downloading malicious software (disguised as games, meeting apps, etc.), which can steal private keys, mnemonic phrases, and potentially compromise X account security;
  • Exploiting SIM Swap attacks to gain control of X accounts that are tied to a phone number.

The SlowMist security team has helped resolve several such incidents. For example, on July 20th, the X account of the TinTinLand project team was hacked, and the attacker posted a phishing link as a pinned tweet. With SlowMist’s assistance, TinTinLand quickly regained control of the account, reviewed its authorizations, and strengthened its security measures.

Due to the frequent occurrences of account breaches, many users are unsure of how to improve the security of their X accounts. In this article, the SlowMist security team will guide you through the process of performing authorization checks and setting up security measures for your X account. Below are the detailed steps.

Authorization Check

Let’s use the web version as an example. After navigating to the x.com page, click on the “More” option in the sidebar, and then select “Settings and privacy.” This area is where you can configure your account’s security and privacy settings.

Once you’re in the “Settings” section, choose “Security and account access” to manage your account’s security settings and control authorized access.

Review Authorized Applications

Phishing attacks often exploit users who inadvertently click on authorization links, granting unauthorized apps permission to post tweets from their X accounts. These compromised accounts are then used to send phishing messages.

How to Check: Go to the “Apps and sessions” section to review which applications have been granted access to your account. In the example below, the demonstration account has authorized these three applications.

When you select a specific application, you’ll be able to view the permissions it has been granted. If needed, you can remove these permissions by clicking “Revoke app permissions.”

Review Delegation Status

How to Check: Navigate to Settings → Security and account access → Delegate.

If you notice that your account has the “Allow invitations to manage” option enabled, you should go to “Members you’ve delegated” to review which accounts have access to your account. If these shared permissions are no longer needed, you should revoke the delegation immediately.

Check for Unusual Login Activity

If you suspect that your account has been accessed maliciously, you can review the login logs to identify any suspicious devices, dates, or locations.

How to Check: Go to Settings → Security and account access → Apps and sessions → Account access history.

As illustrated below, when you access “Account access history,” you can see details such as the device model, login date, IP address, and location. If you notice any unusual login activity, it could be a sign that your account has been compromised.

Check Logged-In Devices

If your X account has been compromised and you suspect unauthorized logins, you can review the devices currently logged into your account and remove the malicious device from the session.

How to Check: Choose “Log out the device shown” to log your account out from the specific device.
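
An added example, not part of the original SlowMist article: a small Python triage of "Account access history" rows, using the fields the article lists (device model, login date, IP address, location), to decide which entries to investigate and which devices to log out. The row format, the baseline values and the function names are assumptions, and the sample rows are constructed by hand.

```python
import ipaddress
from datetime import datetime

# Constructed baseline: devices, networks and locations the account owner recognizes.
KNOWN_DEVICES = {"iPhone 15", "Chrome on macOS"}
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
KNOWN_LOCATIONS = {"Singapore"}

# Constructed rows, as if copied by hand from "Account access history".
SAMPLE_HISTORY = [
    {"device": "iPhone 15", "date": "2024-08-01 09:12", "ip": "203.0.113.25", "location": "Singapore"},
    {"device": "Chrome on macOS", "date": "2024-08-02 21:40", "ip": "198.51.100.7", "location": "Singapore"},
    {"device": "Chrome on Windows", "date": "2024-08-03 03:05", "ip": "192.0.2.44", "location": "Unknown"},
    {"device": "iPhone 15", "date": "2024-08-03 08:30", "ip": "not-an-ip", "location": "Singapore"},
]

def reasons_for(entry):
    """Return the list of reasons an access-history entry deviates from the baseline."""
    reasons = []
    if entry["device"] not in KNOWN_DEVICES:
        reasons.append("unrecognized device")
    try:
        addr = ipaddress.ip_address(entry["ip"])
        if not any(addr in net for net in KNOWN_NETWORKS):
            reasons.append("unrecognized network")
    except ValueError:
        # A malformed value is itself worth a look rather than a silent skip.
        reasons.append("unparseable IP address")
    if entry["location"] not in KNOWN_LOCATIONS:
        reasons.append("unrecognized location")
    return reasons

def triage(history):
    """Return flagged entries as (datetime, device, reasons), most deviations first."""
    flagged = []
    for entry in history:
        reasons = reasons_for(entry)
        if reasons:
            when = datetime.strptime(entry["date"], "%Y-%m-%d %H:%M")
            flagged.append((when, entry["device"], reasons))
    return sorted(flagged, key=lambda f: (-len(f[2]), f[0]))

if __name__ == "__main__":
    for when, device, reasons in triage(SAMPLE_HISTORY):
        print(f"{when:%Y-%m-%d %H:%M}  {device}: {', '.join(reasons)}")
```

An entry flagged only for an unrecognized network is often a legitimate device on a different connection; an entry that deviates on device, network and location together is the one to log out first.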

Security Settings

Enable 2FA (Two-Factor Authentication)

To safeguard your account, you can enable 2FA, which adds an extra layer of security and helps prevent your account from being easily taken over if your password is compromised.

How to Configure: Go to Settings → Security and account access → Security → Two-factor authentication.

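You can choose from the following 2FA options to strengthen your account’s security: SMS verification codes, authentication apps, and security keys. Because SMS codes are delivered to your phone number, they remain exposed to the SIM Swap attacks described in the background section; authentication apps and security keys do not depend on the phone number.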

Additional Password Protection

Beyond setting your account password and enabling 2FA, you can further secure your X account by turning on additional password protection.

How to Configure: Go to Settings → Security and account access → Security → Additional password protection.

Summary

Regularly reviewing authorized apps and monitoring login activity is essential for keeping your account secure. The SlowMist security team advises users to routinely follow the outlined steps to perform authorization checks on their X accounts. This proactive approach will help reinforce your account’s security and minimize the risk of hacker attacks. If you suspect your account has been compromised, take immediate steps: change your password, review and revoke any suspicious authorizations, and enhance your account’s security settings.

Disclaimer:

  1. This article is reprinted from [SlowMist Technology]. All copyrights belong to the original author [Yao]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
  2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
  3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.
