What happened to the targeted creators?

According to reports, hackers took over X accounts belonging to adult creators, attempted to extort money from them, and then filled the compromised feeds with crypto and pro-MAGA posts.

Why are OnlyFans and adult creators vulnerable to this kind of attack?

Many depend heavily on social platforms to reach paying subscribers, often without dedicated security staff. That makes an account takeover both financially damaging and useful to attackers.

Why would hackers post political content after stealing an account?

A compromised account with a real audience can be used to spread whatever the attackers want, from crypto scams to political messaging. The value is the built-in reach and trust.

Is this mainly a crypto scam or a political operation?

Based on the reporting summary, it appears to be both: an extortion and fraud scheme that also uses hijacked feeds to push pro-MAGA content.

What should creators watch for right now?

They should be alert to phishing attempts, suspicious login prompts, sudden account-access issues, and unauthorized posts. Strong passwords and multi-factor authentication remain the basic defenses.

Hackers hijack creators’ X feeds with crypto spam

The scam wasn’t just about stealing money. It was about hijacking an audience, then turning a creator’s own feed into a megaphone for crypto junk and political spam.

Hackers are targeting adult creators with large online followings, taking over their X accounts, trying to extort them for money, and then flooding those feeds with crypto promotions and pro-MAGA posts.

That matters for more than the obvious reason. An account takeover used to be a theft problem. This looks more like theft plus distribution: steal the account, pressure the owner, then use a ready-made audience to push scams and political messaging. It’s a grubby little business model, and a fairly efficient one.

According to reports, the pattern has shown up in recent months among porn stars and OnlyFans creators with sizable audiences. In one case described by Wired, a gay OnlyFans star was hit by a crypto scam and then saw his X feed overtaken by posts described as “MAGA propaganda.” The summary of the reporting is blunt: extortion first, feed poisoning second.

And that second part matters because X is still built to reward velocity. A compromised account with an existing fan base can spread junk much faster than a brand-new spam account. The platform has wrestled for years with impersonation, bot amplification, and account security problems, a familiar story to anyone who has watched social platforms cut trust-and-safety staff and pretend software alone will mop up the mess. It usually doesn’t.

Key Facts

The targeting has happened in recent months, according to the source summary.
The victims described include porn stars and OnlyFans creators with big followings.
One reported victim was a gay OnlyFans star whose X account was taken over.
The hijacked feed was filled with pro-MAGA and crypto content, according to reports.
The scheme included attempts to extort money from creators after the hack.

What the scam actually exploits

This kind of attack works because follower lists are valuable, and because creators often operate as one-person media companies. Their X account isn’t just a place to post jokes or promos. It is the funnel. Lose the account and you don’t just lose a password; you lose customer access, brand control, and, for some people, the day’s income.

A large language model predicts the next likely word in a sentence. A social platform predicts the next likely thing to spread. Those are different machines, but both reward patterns, and scammers know it. If they can take over a creator account that already has reach, they skip the hardest part of internet fraud: getting noticed at all.

A hijacked creator account is no longer just a stolen identity. It’s rented distribution for whoever grabs it first.

Still, the pairing of crypto spam and pro-MAGA messaging is striking. Not because there is anything technically inevitable about that mix, but because opportunists online have learned that outrage and speculation travel well together. Crypto scammers want attention. Political propagandists want attention. A compromised social account gives both to them in the same place, at the same time, under someone else’s name. Cheap inventory.

There is a tendency in tech circles to wave this away as just another account-security story. It isn’t. The adult-creator economy has always had a weirdly fragile dependence on mainstream platforms that don’t especially like admitting they profit from creator traffic. Creators use subscription platforms, payment rails, messaging apps, and social feeds in tandem. Break one link and the whole business shakes. We’ve seen versions of that dependence in other industries too, from EV startups trying to control their sales narrative, as in Rivian Pins Its Future on the R2 SUV, to media companies chasing distribution deals such as Fox buys Roku in $22 billion deal. Audience access is the asset.

Why adult creators are easy marks

Adult creators are obvious targets for extortion because attackers assume, often correctly, that victims may be reluctant to go public quickly, may fear reputational fallout, and may run lean operations without dedicated security support. That doesn’t make them unusual. It makes them exposed.

And the extortion angle changes the pressure. When criminals think a victim is less likely to call attention to the attack, they gain time. Time to change credentials. Time to post scam links. Time to message followers. Time to turn one hack into several.

X, formerly Twitter, has long been central to how many adult creators build and maintain audiences, partly because other major platforms moderate sexual content far more aggressively. That creates a structural weakness. If a creator is pushed onto one relatively permissive platform for discoverability, then that platform’s security posture matters even more. The company has not exactly inspired confidence there. Readers who want the broad background on the service can find it on Wikipedia’s X entry, while federal cyber guidance on account protection remains the same old boring advice because boring advice works: strong unique passwords, phishing resistance, and multi-factor authentication. The US Cybersecurity and Infrastructure Security Agency has been saying that for a while.

Here’s the thing: most hacks sold as sophisticated are not. They are ordinary compromises, social engineering, reused passwords, SIM tricks, stolen session tokens, fake login pages, or support scams dressed up with a bit of menace. The novelty here is less the intrusion than the aftercare. The attackers don’t stop at theft. They repurpose the account as a distribution channel and, according to reports, lace it with ideology and coin-pump garbage. Cynical, yes. Complicated, not really.

The platform problem, again

Social networks like to present account security as a user hygiene issue. Sometimes that’s true. But platforms also decide how hard it is to recover an account, how quickly suspicious posting is throttled, and whether compromised high-reach accounts get escalated to a human response team. Those choices shape the blast radius.

And if the feed starts posting crypto pitches and political slogans, the platform’s recommendation systems can make the damage worse before anyone steps in. Researchers and public agencies have spent years documenting how online fraud and disinformation piggyback on distribution systems built for engagement. The FBI’s guidance on cryptocurrency fraud is dry but useful, and the Federal Trade Commission’s warning on crypto scams is even plainer: if money is moving under pressure, with urgency, over opaque channels, assume the worst first.

That plain skepticism is healthy. Silicon Valley has spent a decade insisting every online mess is the price of openness, scale, or innovation. Usually it’s the price of neglect. When compromised creator accounts become vectors for extortion and propaganda, that’s not a philosophical puzzle. It’s a product failure with victims attached.

The cross-current here is hard to miss. We are in a period where online influence systems blur commerce, politics, and fraud until they are barely distinguishable. A hacked account can pitch a token, parrot a campaign line, and fleece fans in one afternoon. If that sounds like a fringe case, spend more time on the internet. Or better yet, don’t.

There’s also a quiet reputational cost for the broader creator economy. Fans who see a favorite performer’s account suddenly pushing weird coin schemes or partisan slogans may not know it is a compromise. Some will click. Some will leave. Some will assume the creator chose it. Trust drains fast and refills slowly. We have seen adjacent worries in other automated systems too, including tools that act on their own once deployed, as in Earth Observation Satellite Finds Targets Without Human Commands. Different field, same lesson: automation and distribution magnify mistakes and abuse.

What to watch now

The immediate question is whether more creators come forward with the same pattern: takeover, extortion demand, then crypto and pro-MAGA posting from the hijacked account. If that cluster grows, it points to a repeatable playbook rather than isolated incidents.

The next thing to watch is platform response. Not the usual blog-post boilerplate, but whether X speeds up account recovery for high-risk users, limits suspicious posting bursts from newly compromised accounts, and offers better protection for people whose income depends on maintaining audience access. Until then, creators are left with the oldest rule in internet security: assume you are on your own, and lock everything down before the next phishing lure lands.