The X account related to the Solana-based memecoin Launchpad Pump.fun has been breached and exploited to advertise fraudulent cryptocurrencies, including an “official” PUMP governance token. On-chain analysts suspect that this breach is connected to other compromised X accounts.
Related Reading
Pump.Fun Intruders Launch PUMP Memecoin
On Wednesday, the official X account of Pump.fun was infiltrated, with intruders promoting various tokens during the event. The account commenced posting multiple contract addresses (CA) for different memecoins before removing them.
Initially, the intruders revealed the contract address for PUMP, referred to as the “official Pump.fun governance token,” stating that “democracy has never been this degen” and that they would be rewarding their “OG DEGENS.”
The cryptocurrency community swiftly identified the memecoin as a scam and informed others about the potential account breach.
Blockchain analytics firm Bubblemaps notified users about the phony memecoin, clarifying that PUMP was “seriously bundled and will crash,” since 60% of the token’s supply was concentrated in two clusters.
In the meantime, the founder of Pump.fun, Alon Cohen, confirmed the X breach and urged the community not to engage with the account or any links shared until it was restored.
As per on-chain investigator Dethective, the hackers gained around $600,000 from the token mere minutes after revealing the memecoin. The cryptocurrency sleuth detailed that their tactic involved posting the CA of a bundled scam token and removing it after deceiving investors.
In addition to the counterfeit PUMP token, the malicious individual advertised OG, Extract Protocol (EXAI), and Pump.fun Hacked (HACKED), extracting approximately $90,000 from these memecoins. Dethective emphasized that some investors persist in purchasing the tokens after the hackers repeatedly scammed the preceding ones, with the last token reaching a market cap of $1.5 million at its peak.
The hostile actors inquired with the crypto community whether they should develop a “genuine token on Pump.fun” and label it “Hackeddotfun.” They “promised” to boost the memecoin to a market cap of $100 million, assuring that it wouldn’t “be a bundle” and would be introduced through the platform before erasing the posts.
Pump.Fun Hack Connected To Jupiter’s X Breach?
Distinguished on-chain investigator ZachXBT disclosed that the Pump.fun breach is “directly associated on-chain” with the Jupiter DAO and DogWifcoin vulnerabilities from February 2025 and November 2024, respectively.
On his Telegram channel, the online detective proposed that the assaults are “probably not the fault of either the Pump.fun or Jupiter teams.” Rather, Zach suspects a threat actor is “social engineering employees at X with bogus documents/emails or a panel is being exploited.”
Wu blockchain disseminated GMGN data indicating that only one Pump.fun memecoin had a market value surpassing $1 million yesterday. The publication highlighted that several tokens reached the $1 million threshold but rapidly encountered a steep decline.
Related Reading
In the wake of the TRUMP and MELANIA memecoins and the recent Libra token uproar, investors have voiced their weariness from the persisting memecoin frauds deployed via the Solana-based launchpad.
Certain community members labeled the breach “the nail in the meme coin coffin,” as sentiment surrounding the sector’s “memecoin fiesta” has reached its nadir this cycle.
As of this writing, the Pump.fun team has regained control of the account and indicated they will keep monitoring the situation as “the attack that led to this breach is unknown, but it’s improbable that the team is to blame.”
Featured Image from Unsplash.com, Chart from TradingView.com
