A Hacked Airport Account Shows How Crypto Scammers Are Weaponizing Trusted Institutions on X

The official X account of Milwaukee Mitchell International Airport became the latest high-profile victim in a growing wave of social media takeovers used to promote crypto-related scams. In a breach reported on January 17, hackers gained control of the verified airport account and repurposed it to push cryptocurrency content, exploiting the credibility of a major public institution to lure unsuspecting users.

The compromise unfolded publicly when the airport’s account began reposting crypto-focused material alongside unrelated geopolitical content, including posts about events in Venezuela. Soon after, the attackers changed the account’s handle and visual identity to impersonate a Texas-based legal practice, the Hoda Law Firm, creating the appearance that the page had shifted ownership rather than been hijacked. For casual observers, the transformation may have seemed legitimate, especially given the account’s verification status.

The altered profile went further by pinning a message that warned users about crypto fraud while simultaneously offering assistance in recovering lost funds. The post included a direct call to action and encouraged private messages, a tactic commonly used to move conversations off public timelines and into private channels where scams can escalate. By presenting themselves as advocates for victims, the attackers inverted the language of consumer protection into a tool for further exploitation.

Airport officials moved quickly to distance themselves from the activity. Harold Mester, the airport’s public affairs director, confirmed that the breach had been reported to X and that users were advised not to interact with the compromised account. The airport’s security team began reviewing the incident and indicated that law enforcement could be contacted depending on the outcome of the investigation. For a time, links from the airport’s official website led to an error page on X, underscoring the disruption caused by the takeover.

The real Hoda Law Firm also issued a public response after its name and branding were pulled into the incident. Marshal Hoda, the firm’s owner, stated that the firm had no involvement and urged the public to avoid the impersonating account. He emphasized that the attackers were likely attempting to exploit the firm’s reputation, particularly given its work assisting victims of crypto scams and pursuing legal action against alleged fraudsters. The firm later added a warning about the impersonation to its own website.

This episode fits a broader pattern that has emerged over recent years. Crypto scammers have repeatedly targeted verified and high-visibility X accounts, ranging from tech companies to public figures, using them to distribute fraudulent links or wallet-draining schemes. In December, the messaging platform SimpleX Chat disclosed that its X account had been compromised through delegated posting permissions, allowing attackers to promote a fake crypto program designed to trick users into connecting their wallets.

What makes these incidents particularly effective is not technical sophistication but psychological leverage. By hijacking accounts that users already trust, scammers bypass skepticism and create a false sense of legitimacy. Verification badges, institutional branding, and authoritative language become tools of deception rather than assurance.

The Milwaukee airport hack underscores a persistent vulnerability in the crypto information ecosystem. As long as social platforms remain central channels for news, updates, and customer communication, compromised accounts will continue to offer scammers a powerful shortcut to credibility. For users, the lesson is increasingly clear: trust signals on social media are fragile, and even official accounts can become vehicles for fraud without warning.