SpaceXAI and Starlink Accounts Hacked to Push $125K SCATMAN Scam

ETH-0.60%
PUMP8.26%

Hackers compromised the SpaceXAI and Starlink accounts on X and used them to promote a fraudulent meme coin called SCATMAN, netting approximately $125,000 in Ethereum before the posts were detected and removed. The attacker minted 10 trillion SCATMAN tokens and sold the entire supply through two wallets—one generating roughly $108,000 from 59 Ethereum and a second offloading additional tokens for about $27,000 from 14.7 Ethereum. On-chain analytics platform Lookonchain traced the funds and publicly disclosed both wallet addresses, though the identity behind them remains unknown. The scheme exploited the credibility of accounts publicly tied to Elon Musk, conditioning followers to treat posts as trustworthy and act quickly on token promotions. This incident follows a pattern of similar high-profile account hijackings in the crypto space, including attacks on Pump.fun, former Malaysian Prime Minister Mahathir Mohamad, and World Liberty Financial co-founder Zach Witkoff in February 2025.

Hackers Mint 10 Trillion SCATMAN Tokens and Sell via Two Wallets

The attacker minted 10 trillion SCATMAN tokens and executed sales through two separate wallets. The primary wallet sold the bulk of the supply for 59 Ethereum, worth approximately $108,000 at the time of the transaction. A second wallet connected to the same attacker offloaded an additional 59.28 million SCATMAN tokens for 14.7 Ethereum, adding roughly $27,000 to the total haul. Combined, the two wallets generated just under $125,000 in Ethereum. Screenshots circulated on social media showing the compromised accounts appearing to repost content from the SCATMAN token's page, though independent verification of those specific reposts could not be confirmed. The posts remained live long enough to drive token purchases before being removed by the platform.

Lookonchain Traces Funds to Two Wallet Addresses

On-chain analytics platform Lookonchain flagged the scheme and traced the stolen funds back to both wallets involved in the scam. The platform publicly disclosed the wallet addresses, providing the crypto community with a visible record of where the money went. The identity of the person behind the wallets remains unknown. Public blockchain tracing does not recover funds but creates a permanent record that can support future investigations and names the wallets involved in the scheme.

Similar Account Hijackings Target Pump.fun and Public Figures in February 2025

This incident follows a series of similar attacks in February 2025. Hackers took over the X account belonging to Pump.fun and used it to promote a fake token called PUMP, with one wallet from that scheme making over $135,000 in under a minute. Former Malaysian Prime Minister Mahathir Mohamad's account was separately hijacked to promote a token, resulting in $1.7 million in losses. World Liberty Financial co-founder Zach Witkoff and Myanmar's junta leader were also hit with similar attacks during the same period. The common thread across these incidents is credibility arbitrage—attackers borrow the audiences of verified accounts with millions of followers to generate token purchases in minutes.

High-Profile Accounts Exploited for Credibility Arbitrage

The SpaceXAI and Starlink accounts were targeted because their audiences are large, engaged, and inclined to act quickly on posts. A verified account associated with major companies or public figures can generate more token purchases in five minutes than an anonymous account ever could. The bigger and more recognizable the account, the more useful it becomes as an attack surface. What makes these attacks particularly damaging is the asymmetry involved—the attacker needs only a brief window, while the account owner, the platform, and the community all need to detect, respond, and remove content before enough purchases have been made. In this case, the attacker won that race by a significant margin. As of publication, neither SpaceX nor Starlink had addressed the breach publicly, leaving open questions about how the accounts were accessed and what security measures were in place.

FAQ

What happened to the SpaceXAI and Starlink X accounts?
They were hacked by a scammer who used them to promote a fake meme coin called SCATMAN, driving token purchases before the posts were detected and removed.

How much money did the attacker earn from the SCATMAN scam?
The attacker minted and sold SCATMAN tokens across two wallets for a combined total of just under $125,000 in Ethereum—approximately $108,000 from the first wallet and around $27,000 from the second.

Were the attacker's wallets identified?
Yes. On-chain analytics platform Lookonchain traced the stolen funds to two wallets and publicly disclosed both wallet addresses, though the identity of the person behind them remains unknown.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments