Nequi, Colombia’s most widely used digital wallet, reported on Wednesday, May 13, 2026, that its official X account was compromised by unknown individuals. The attackers removed corporate branding and promoted fraudulent cryptocurrency investment schemes involving TRON and USDT to the company’s 149,000 followers before the firm regained control.
The Nequi X Account Breach
On Wednesday, May 13, 2026, Nequi confirmed that its official presence on the social media platform X was seized by unauthorized actors. The breach targeted the @Nequi profile, a high-visibility account boasting more than 149,000 followers. According to reports from La Opinión and El Colombiano, the attackers immediately altered the account’s appearance by deleting the company’s official profile picture and institutional cover photo.
Once the corporate identity was stripped from the profile, the hijackers utilized the account’s reach to disseminate content related to cryptocurrency investment schemes. Specifically, the unauthorized posts and reposts focused on TRON and USDT. These assets have no affiliation with Nequi’s financial services, which primarily focus on digital wallet functionalities for the Colombian market. The company detected the intrusion and intervened, subsequently issuing an official statement to confirm that the account has been blocked and is once again under their control.
The Vulnerability of Verified Identities
A critical technical aspect of this incident involves the status of the account’s verification. Throughout the duration of the unauthorized access, the @Nequi profile maintained its gold verification badge. This detail highlights a significant gap between identity authentication and account security on modern social media platforms.
Cybersecurity expert Mucho Hacker noted that the presence of the gold badge during the hack serves as a warning to users and brands alike. The badge provides a sense of legitimacy that attackers can exploit to facilitate fraud.
That demonstrates that verification on X does not guarantee that an account is under the control of its legitimate owner at all times. The badge only certifies identity, not security.
Mucho Hacker, Cybersecurity Expert
This distinction is vital for understanding how modern social engineering functions. When a verified account—especially one belonging to a major financial institution—begins posting about high-yield investment opportunities, the inherent trust associated with the verification badge can bypass the natural skepticism of the audience. The attackers are not just stealing an account; they are hijacking the institutional trust that the verification badge represents.
Exploiting Trust via Cryptocurrency Schemes
The choice of content during the hack was not incidental. By promoting TRON and USDT, the attackers targeted a demographic already familiar with digital assets, using a trusted financial brand to lend an air of authority to fraudulent schemes. This tactic leverages the massive scale of Nequi’s influence. While the X account has 149,000 followers, Nequi’s broader user base is significantly larger. The company reported having more than 27 million registered users in Colombia as of the end of February 2026.
Although the breach was localized to the social media platform, the potential for secondary fraud remains a concern for the company’s massive user base. In these types of attacks, the goal is to use the hijacked account as a mouthpiece for investment scams that often require users to send funds to untraceable wallets. By using a verified financial entity as the delivery mechanism, the attackers attempt to minimize the friction typically encountered when promoting unregulated or fraudulent crypto projects.
Security Implications for Digital Finance
This incident underscores a growing challenge for fintech companies: the decoupling of platform security from brand security. While Nequi’s core financial infrastructure and user funds may remain secure, the compromise of a social media channel can cause immediate reputational damage and expose users to external financial risks. The ability of attackers to maintain the gold verification badge while posting fraudulent content suggests that social media platforms must evolve their verification protocols to account for real-time account security status.
For the cybersecurity industry, the Nequi hack serves as a case study in how social media hijacking is being weaponized for financial gain. As digital wallets continue to grow in popularity, particularly in markets like Colombia, these accounts become high-value targets for actors looking to exploit the intersection of social proof and financial interest. The focus for companies moving forward will likely shift from merely securing the platform to managing the extended surface area of their digital identities.
