Breaking: SpaceX Accounts Hacked to Promote Meme Coin, Net About $135k
In a rapid, high-profile breach this week, unknown hackers took control of SpaceX’s and Starlink’s official X accounts to push a meme token. Early post-analysis from on-chain trackers shows the attacker minted trillions of tokens and drained proceeds into ether, leaving behind a trail that amounts to about $135,000 in total profits before the accounts were reclaimed. This is a stark reminder that even the most recognizable brands aren’t immune to social-media scams in the crypto era.
Security researchers describe the incident as a clear instance of a scammer makes $135k after hijacking brand channels to accelerate a pump-and-dump, leveraging the built-in trust of a corporate identity. The attacker’s moves unfolded over a matter of hours, coinciding with a social-media surge that drew fresh eyes to a little-known meme coin linked to a spoof version of a tech figure. The rapid insertion of brand content—a tactic designed to spark impulsive buys—helps explain how a modest token could spike, then crash as soon as the post is removed and scrutiny returns.
What Happened: Timeline and Key Numbers
The breach surfaced in the first week of July 2026, when SpaceX’s X account posted a message promoting a token tied to a Sam Altman‑style meme, with subsequent posts appearing under Starlink’s brand as well. The posts indicated a partnership or endorsement that could entice followers to rush into a purchase without performing due diligence. Within hours, on-chain dashboards captured the arithmetic behind the scheme: the attacker minted 10 trillion tokens and converted the bulk of the supply into 59 ETH, worth roughly $108,000 at the moment of sale.
In a separate transaction, a second wallet linked to the attacker liquidated 59.28 million SCATMAN tokens for 14.7 ETH, valued at about $27,000. When you add those two primary sales together, the total proceeds sit near $135,000, which represents the net profit after token-minting costs and any small interim trades. Lookonchain’s analysts flagged two addresses as the likely control points for the mint-and-sell cycle, underscoring how quickly a pump-and-dump can be executed when social channels are weaponized.
On-Chain Insights: How the Money Moved
- The attacker used 10 trillion tokens as the minting vehicle, then redirected proceeds into ETH as the price action unfolded. The first major dump moved 59 ETH, roughly $108k, into the attacker’s wallet.
- A secondary dump of 59.28 million tokens yielded another 14.7 ETH, about $27k, pushing the total to around $135k in a short timeframe.
- GeckoTerminal data shows the meme token’s market cap briefly surged to just over $2 million before the rug-pull dynamics pushed the price back toward zero, illustrating how quickly social hype can collapse when credibility is compromised.
Analysts emphasize that these on-chain traces are consistent with a classic misappropriation play: hijack a credible channel, inject a pumped asset, and exit after a limited window of liquidity. The two-pronged liquidation path—first a large, primary sale, then a smaller secondary sale—helps maximize immediate returns while minimizing the chance of a late surge that could expose the scam sooner.
How SpaceX and Starlink Responded
SpaceX and Starlink confirmed that the compromised posts were removed and that control of the affected accounts was restored. A SpaceX spokesperson told reporters the company is actively reviewing security practices with X's platform team and implementing enhanced safeguards to prevent a recurrence.
“We recognize the risk these scams pose to our followers and the broader crypto community,” the spokesperson said. “We moved quickly to regain access and are implementing stronger protections around official accounts.”
Cybersecurity observers note that this incident reflects a broader trend in which brand accounts are co-opted to amplify low-cap tokens. A senior analyst at ChainWatch commented that the profitability window for attackers is typically brief and highly dependent on social-media momentum, making rapid response and post-removal action critical.
Industry Context: A Pattern of High-Profile Breaches
The SpaceX/Starlink case sits within a string of notable brand-account compromises in early 2026. In January, Scroll founder Ye Chen’s X account was hijacked, with attackers impersonating staff and directing followers toward phishing links. A few months later, Matt Furie, creator of the Pepe meme, faced a similar compromise used to push a scam token. WinRAR’s official feed also briefly promoted a fake Solana-themed meme coin, highlighting how widely trusted brands can become conduits for fraud. The most prominent breach occurred in May, when Roaring Kitty’s dormant account was breached, leading to a rapid, short-lived token pump and subsequent liquidity drain.
Takeaways for Investors
Even though the dollar figure in this incident is modest relative to some crypto scams, the risk signal is loud. The episode underscores how easily a scam can leverage brand confidence to trigger a rush of impulsive buys, only to fade as quickly as it appeared. Investors should exercise caution when a token is tied to a familiar name, verify the authenticity of posts through official channels, and cross-check token contracts on reputable explorers before committing funds.
Industry watchers urge readers to rely on primary sources for token information, scrutinize any incentive-driven posts that accompany a brand’s name, and avoid clicking through links in posts from compromised or newly minted accounts. Exchanges and platform operators are also likely to intensify monitoring and rapid-response protocols for brand accounts, including mandatory two-factor authentication and stricter posting controls during high-volatility periods.
Looking Ahead: Lessons and Next Steps
The SpaceX/Starlink breach serves as a real-time case study in how social-engineering and branding can combine with token mechanics to produce a quick payday for attackers. For platform owners, it’s a reminder to embed stronger identity verification and access controls for official accounts, while for investors it’s a prompt to maintain skepticism about sudden social-media campaigns tied to high-profile brands.
As regulators and industry groups weigh accountability standards for social platforms and crypto projects alike, the episode reinforces a shared objective: protect users from the intersection of trusted brands and unvetted token incentives. The crypto ecosystem will likely see a band of tighter controls and more vigilant brand governance in the months ahead, driven by incidents like this one.
For the record, the attacker’s net gain from the incident, approximately $135,000, stands as a cautionary statistic in the ongoing debate over token scams and brand security in the crypto era. The phrase echoed by investigators and risk managers alike remains: 'scammer makes $135k after' hijacking a trusted channel to pump a token—until defenses catch up.
Discussion