UK government minister Lucy Powell’s X (formerly Twitter) account was hacked to promote a fraudulent cryptocurrency named “$HCC” (House of Commons Coin).

A series of now-deleted posts from the account — which belongs to the Leader of the House of Commons and has nearly 70,000 followers — described the token as a “community-driven digital currency bringing people’s power to the blockchain.”

The MP’s office confirmed the account was compromised on Tuesday morning and stated that “steps were quickly taken to secure the account and remove misleading posts.”

Some of the posts featured the official House of Commons logo, adding an air of legitimacy to the scam.

A Common Cybercrime Strategy

Cybercriminals often target high-profile social media accounts to promote scam cryptocurrencies. In a similar case, BBC journalist Nick Robinson also had his X account hacked.

Attackers typically gain access through phishing emails—messages that contain malicious links or fake websites designed to steal login credentials. They may also use leaked information from data breaches.

Once the account is taken over, scammers create and launch fake crypto tokens within hours and publish promotional content through the compromised profile. The goal is to exploit trust in the verified public figure to entice followers into buying the worthless coin.

A Classic “Pump and Dump” Scheme

Luke Nolan, a senior research associate at digital asset firm CoinShares, said Powell’s account was used in a typical “pump and dump” scheme:

“The creators inflate the coin’s value, encourage others to invest, and then dump their own holdings for profit, leaving the coin worthless,” he explained.

According to Nolan, the $HCC token had only 34 transactions, generating around £225 in profits for the fraudsters.

Cybersecurity Advice

A House of Commons spokesperson stated that the UK Parliament takes cybersecurity very seriously and regularly provides advice to MPs and staff. However, specific policies were not disclosed.

Meanwhile, Action Fraud reported a rise in social and email account takeovers in 2024, with over 35,000 incidents.

Users are advised to:

  • Enable two-step verification
  • Use strong, unique passwords made up of three random words
  • Never click suspicious links, even if they appear official

Earlier this year, journalist Nick Robinson revealed he was hacked after clicking on an email he believed came from X. The attacker used his account to promote a fake cryptocurrency named “$Today”.