Supra Labs stated that CEO Josh Tobkin's X account was compromised on June 5th. The attackers then used the account to promote counterfeit $SUPRA tokens and direct users to phishing airdrop websites.

The project team warns users not to transfer funds to the relevant addresses or connect their wallets. The team states that Supra's official token operates on the Layer 1 mainnet launched in 2024, and the Solana and Ethereum versions appearing on social media platforms are not official.

Attackers used executive accounts to spread misinformation

In this incident, the stolen account was used to post promotional content for the token and to lure users into clicking on external links under the guise of an "airdrop." This type of practice is not uncommon in the crypto industry. A common tactic is to first control the social media accounts of project teams, executives, or opinion leaders, and then induce users to interact through fake tokens, fake airdrops, or forged announcements.

The Supra Labs team subsequently issued warnings on multiple community channels, advising users to rely on official information and wait for further updates after their accounts were restored.

Fake tokens involve Solana and Ethereum.

According to the project team, counterfeit $SUPRA tokens promoted by attackers appeared on the Solana and Ethereum networks. The team emphasized that these tokens are not related to official assets.

• The counterfeit tokens were deployed on Solana and Ethereum.
• Phishing pages use the guise of "airdrops" to lure users into taking action.
• The official token runs on Supra's own Layer 1 mainnet.

The project team's move aims to help users quickly identify genuine and fake assets, avoiding misjudgments due to similar names on the blockchain or endorsements from social media accounts.

No confirmed user losses have been reported yet.

As of now, Supra Labs has stated that no users have been confirmed to have suffered financial losses as a result of this incident. Meanwhile, Tobkin is attempting to regain control of the accounts.

This incident once again demonstrates that security risks in the crypto industry do not solely stem from protocol vulnerabilities or private key leaks; social engineering attacks remain one of the most accessible entry points for scams. For ordinary users, when encountering information such as "temporary airdrops," "limited-time offers," or "new blockchain token launches," verifying the project's official website, mainnet information, and community announcements remains the most direct way to identify such offers.