TRON DAO's X page was under siege by a hacker

For a moment, TRON DAO’s X page was under siege by a hacker who leveraged unauthorized access to publish a post with a contract address.

A hacker gained unauthorized access to TRON DAO's X page to post a message with a contract address, while TRON founder Justin Sun urged cryptocurrency exchange, OKX, to freeze funds linked to the exploit.

In the early hours of May 3, TRON DAO said its X account was compromised the previous day, and the hacker posted a message containing a contract address.

We’re aware that our X account was compromised from 9:25 AM PST on May 2, 2025. During this time, an unauthorized party published a post containing a contract address (CA), sent direct messages (DMs), and followed various accounts unknown to us.

Please be reminded: TRON DAO will…

— TRON DAO (@trondao) May 3, 2025

The hacker also sent direct messages to several accounts and clicked on the "Follow" button for some other X profiles, which were not completed with TRON DAO's permission.

"TRON DAO will never post contract addresses or send unsolicited DMs. If you received a DM from our account on May 2, please delete it and consider it the work of the attacker," the protocol stated.

As confirmed, the exploit came from the loopholes traced to a member of its team. The Tron DAO said, "a member of our team was targeted in a malicious social engineering attack, which led to their account being compromised."

According to the DAO, logging out the perpetrator and restoring TRON's access were not sufficient to stop the damage initiated by the hacker. The hackers were still able to contact others, offering posts from the TRON DAO main account in exchange for payment. Some funds were allegedly stolen while the hackers were in control of the X account.

However, the hackers later transferred the siphoned funds to a wallet linked with OKX, per a post from Justin Sun. Hence, he appealed to the exchange to intervene to ensure that the assets were not moved further and to help with the investigation.

In response, OKX CEO Star Xu told Sun that his firm has a Public Law Enforcement Cooperation policy. This is a list of guidelines and procedures that require law enforcement agencies to collaborate with other organizations. With it, they could share information with the public, government agencies, and non-governmental organizations.

Xu shared the link to the reporting channels where TRON DAO can drop evidence of the incident. He also assured TRON's founder that a temporary freeze will be made, but this will be based on the evidence provided. If the attacked protocol plans to extend the freeze, it is required to provide legal documents to OKX. This is part of the exchange's consumer protection policy.

While OKX has spelled out its policy, it is worth noting that Sun's request from the crypto exchange is not a new thing in the broader market.

Crypto exchanges do not consider it a 'big deal' to request assistance from their counterparts whenever they come under attack or breach. Decentralized trading platform KiloEx was recently attacked, causing users to lose $7.5 million.

Not too long after, Binance announced that it had managed to recover $6.1 million of the stolen funds, which is equivalent to 90% of the total stolen assets.

The exchange's security team acted swiftly when the KiloEx exploit was detected and reported, and the effort was supported by additional collaborations to investigate the incident, according to Binance CEO Richard Teng.