The attackers leveraged trusted corporate accounts to quickly establish credibility and then quickly cash out their token holdings.
Hackers took over SpaceX and Starlink’s X accounts to promote meme coins and stole over $135,000.
This profile was used to fund Robinhood-based tokens, which briefly reached a market cap of $2 million before crashing to nearly zero.
SpaceX and Starlink fall victim to breach
Screenshots circulating on social media show both accounts reposting content from Token’s profile, with the posts including tags that claim a connection between the Sam Altman (SCATMAN) meme coin and SpaceX.
According to on-chain data, the hacker created 10 trillion tokens and sold the entire stash shortly after the post was published, converting it into 59 ether (ETH) worth about $108,000.
According to Lookonchain, another wallet linked to the attacker resold 59.28 million SCATMAN tokens worth approximately $27,000 for 14.7 ETH, for a total profit of approximately $135,000. The on-chain analytics platform also identified two addresses used by the hackers.
According to data from Geckoterminal, SCATMAN’s market cap soared to more than $2 million before being crushed shortly thereafter. Meanwhile, both companies have since deleted the fake posts and regained control of the accounts.
Rug-pulling remains common in the crypto space
Takeovers of prominent social media accounts have become common in the crypto industry, many of which have been used to pump and dump low-cost cryptocurrencies.
You may also like:
For example, Scroll co-founder Ye Chen’s X account was hijacked in January 2026, with attackers impersonating platform staff and sending phishing messages about copyright infringement to trick crypto readers into clicking on malicious links.
A few months later, Pepe creator Matt Furie’s account was used to promote fraudulent tokens. Around the same time, WinRAR’s official account was also compromised and fake Solana meme coins were pushed to its followers.
The most notable breach occurred in May, when the dormant accounts of Keith Gill, popularly known as Roaring Kitty, were compromised. In this case, the hackers launched the Red Kitten Crew (RKC) in Solana and made off with more than $600,000 in 30 minutes.
Each incident followed a pattern seen several times in cryptocurrencies: influencers generate hype, developers cash out their funds, and retail traders continue to lose money.
Exclusive offer for Bybit’s CryptoPotato readers: Use this link to register and open a $500 free position on any coin!
