Lucy Powell, the Leader of the House of Commons, has become the latest high-profile figure to fall victim to a social media hack promoting a cryptocurrency scam.
A series of now-deleted posts on the UK MP’s official X (formerly Twitter) account were used to advertise a fake coin named “$HCC” – which was billed as “a community-driven digital currency bringing people’s power to the blockchain”.
‘Pump and dump’ scam
The posts included an image of the official House of Commons logo and appeared to lend parliamentary credibility to the scam. Her account, which is verified by the platform and references her cabinet role in its biography, has nearly 70,000 followers.
Cybercriminals frequently target prominent figures on social media to promote so-called ‘pump and dump’ cryptocurrencies – hastily created coins that are hyped to inflate their value before being dumped by the fraudsters for profit.
Hackers often use phishing emails to gain access to verified accounts, tricking victims into entering their passwords on fake login pages or using credentials harvested in previous data breaches.
“These scams can be launched in a matter of hours,” said Andrew Rose, chief security officer at SoSafe and former CISO at both UK Air Traffic Control and Mastercard.
“The hacking of Lucy Powell’s X account demonstrates the ongoing threat of cybercriminals targeting high-profile individuals or brands – such as the BBC’s Nick Robinson, Kylian Mbappé and even Metallica – to promote ‘pump and dump’ crypto schemes.”
Rose warned that the growing trend underscores the urgent need for stronger security protocols. “Implementing two-step verification (MFA) and using strong, unique passwords are essential defences,” he said.
But he added that technology alone won’t stop the problem. “People are both the primary attack surface and the first line of defence… It’s essential that every technology consumer is aware of the threats and then trained and empowered to recognise and avoid these social engineering tactics, such as phishing emails, to ensure maximum protection.”
Cryptocurrency market faces surge in scams amid investment boom
Powell’s account is the latest in a string of hacks involving public figures being exploited to promote fake digital currencies.
Earlier this year, BBC journalist Nick Robinson’s X account was hijacked to push a similar scam coin, using his reputation to lend legitimacy to a worthless token.
Meanwhile, the official X account of rock band Metallica was also taken over to peddle a fraudulent cryptocurrency – a Solana-based token called “Metal”. The currency was made to look official via the mention of Ticketmaster as a partner.
Both incidents appear to follow the same pattern – high-profile, verified accounts were used to rapidly amplify a scam, often with official-sounding branding and language, before being taken offline.
