A wave of account takeovers targeting gay OnlyFans creators has highlighted how cybercriminals are increasingly using cryptocurrency in extortion schemes.
Victims say attackers seized control of their X accounts, demanded digital asset payments for their return, and used the stolen profiles to promote political content and crypto-related posts.
Several creators reportedly refused to pay the ransom, leaving hackers to continue operating the compromised accounts while pressuring owners to hand over thousands of dollars in cryptocurrency.

Crypto ransom scheme targets popular creators
One of the highest-profile victims was Patrick Bewley, an adult content creator known online as Daddy Patrick, who had built an audience of more than 132,000 followers on X.
According to reports, the attack began after Bewley received a direct message from someone he knew whose account had already been compromised. The message directed him to what appeared to be an X login page, but was actually a phishing site designed to steal his credentials.
After gaining access, the attacker changed the account’s recovery information and later demanded 2,000 GAT tokens in exchange for returning control. When Bewley declined, the ransom reportedly increased to the equivalent of $3,000 in cryptocurrency while the account was repurposed to post political material and crypto-related content.
More victims refuse to pay
Other creators, including Fabian Quezada, known professionally as Buck Bronco, also reportedly lost access to their accounts. Quezada allegedly received threats through WhatsApp but chose not to negotiate, fearing additional financial losses.
Meanwhile, creators Liam Angell and Jasun Mark eventually regained access after extended disruptions. While his account was under hacker control, Mark’s profile reportedly published cryptocurrency promotions to tens of thousands of followers.
The incidents suggest that compromised social media accounts are increasingly being exploited to spread crypto-related messages while pressuring victims into making digital asset payments.
Security experts warn of growing threat
Cybersecurity specialists believe phishing remains one of the most effective methods for stealing access to high-profile social media accounts. Once inside, attackers can quickly change recovery details, making it difficult for owners to regain control.
Experts also warn that criminals may be using artificial intelligence to scale phishing campaigns and identify valuable targets ahead of major political events. The latest incidents add to a growing list of crypto-linked social media hacks, including previous cases where compromised public accounts were used to spread false Bitcoin-related claims and other misleading information.
Earlier this month, Supra confirmed that its official X account was accessed without authorization, leading to the spread of a fake announcement promoting a “$SUPRA token launch on Ethereum” and a phishing-style airdrop campaign.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics























































































