Thursday, June 4, 2026
Pump.fun X hack reveals security concerns at critical juncture for memecoins

Hackers gained access to the memecoin platform Pump.fun’s X account on Feb. 26, raising questions about security at a crucial time for memecoins and the crypto industry as a whole.

The platform has since regained control over its X account. Pump.fun said that it’s unlikely any of its staff are at fault as it followed “industry best-practices, and focused on minimizing the risk of such an event occurring.”

According to blockchain sleuths like ZachXBT, the attack on the platform may have been perpetrated by the same hackers responsible for other similar exploits. 

While the Pump.fun incident came to a quick close with next to no damage done, memecoins are under increased scrutiny, and security issues are at the forefront of the blockchain industry’s mind.

Hackers posted a link for a fake governance token. Source: ZachXBT

Pump.fun hackers also responsible for Jupiter DAO and DogWifCoin

After gaining access to Pump.fun’s X account, the hackers were quick to offer a fake governance token to potential marks, stating that “democracy has never been this degen.”

The account breach was quickly flagged by blockchain investigator and analyst ZachXBT, who warned users to stay away from the X page and not interact with any links on the page. 

He also traced the hackers back to previous incidents of compromised X accounts, namely those of Solana-based decentralized exchange (DEX) aggregator Jupiter DAO and memecoin DogWifCoin.

Connecting the address used by phishers on Pump.fun’s page to other hacks. Source: ZachXBT

ZachXBT said, “Notably for these attacks it is likely not the fault of either the Pump Fun or Jupiter teams.” 

In its explanatory X post after restoring access to its account, Pump.fun detailed the various security measures it takes. It said that no messages were sent to the email associated with the account regarding changes to two-factor authentication (2FA), email, passwords or delegation. 

The platform also claimed it had a number of other safeguards in place, like physical 2FA backups, regularly changing unique and complex passwords, and not having its 2FA connected to any email addresses. 

Pump.fun’s latest post regarding the incident said it would “continue to monitor the situation and analyze any scenarios that could have taken place and report if there are any updates.”

The hack of Pump.fun’s social media is just the latest in an all-too-common trend of phishing attacks on prominent cryptocurrency-related social media accounts or even the institutions themselves. 

Cryptocurrency exchange Bybit was the victim of a phishing attack in which North Korean hacker group Lazarus was able to steal over $1.4 billion in Ether (ETH). A Chainalysis report following the incident found that the hackers’ chosen attack vector was a phishing campaign targeting the exchange’s cold wallet signers. This allowed them to gain access to Bybit’s user interface and replace a multisignature wallet contract with their own malicious version.

Memecoins involved in high-profile exploits and scandals

Memecoins — which launch quickly amid a furor of investors aiming to make a quick buck before disappearing just as fast — have become a prime target for phishing attacks, exploits and scandals.

As Cointelegraph reported on Feb. 10, a number of crypto data aggregators listing the Central African Republic (CAR) memecoin were directing users to phishing sites.

Phishing links on the token’s Telegram channel. Source: Scam Sniffer

This was particularly problematic as Central African Republic President Faustin-Archange Touadéra seemed to give the token a nod of approval. He had posted on X that the government launched the token to “unite people, support national development, and put the Central African Republic on the world stage in a unique way.”

At publishing time, the project’s X account is still suspended. 

Furthermore, ZachXBT has linked Lazarus to a number of recent Solana memecoin scams, including rug pulls, on Pump.fun itself: “I made 920+ addresses receiving funds tied to the Bybit hack public and noticed a person laundering for Lazarus Group previously launched meme coins via Pump Fun.”

Memecoin scandals have also reached as far as the presidential office of Argentina. 

Earlier in February, the launch of memecoin LIBRA, which allegedly included sniping by founders — i.e., a form of insider trading — implicated Argentine President Javier Milei. The politician promoted the token on X before deleting his post when the price came crashing down. 

While there were no cyberattacks involved in the LIBRA incident, it draws attention to the unregulated and “Wild West” nature of the memecoin market.

Regulators take aim at memecoins

Memecoin market activity has already caught the attention of regulatory agencies worldwide. On Feb. 20, the US Securities and Exchange Commission announced it was creating a new group to fight cyber misconduct,…

cointelegraph.com
