The attackers promoted a fictitious “PUMP” governance token, claiming it would reward early adopters—or as they called them, “OG DEGENS.” Not content with just one scam, they doubled down by creating a fraudulent “GPT-4.5” token. Talk about greedy. They even threatened to delete the entire account if their fake token reached a $100M market cap, creating artificial urgency that pushed users to act quickly without thinking.
Pump.fun’s team scrambled to respond, confirming the breach via their Telegram channel. They urged users to ignore all posts from the compromised X account while they investigated what happened. The platform worked to remove the fraudulent posts and regain control of their account. Standard damage control playbook.
The hack bears striking similarities to other recent crypto social media takeovers, including the Jupiter DAO hack earlier this month and last November’s DogWifCoin compromise. Same trick, different day.
Security experts suspect the attackers may have used social engineering tactics targeting X employees, possibly with fraudulent documents or by exploiting system vulnerabilities. The incident coincided with the prolonged bear market conditions that have already weakened investor sentiment across the cryptocurrency space. The scammers likely employed bundled transactions to quickly drain funds from multiple wallets simultaneously during the sell-off.
For users who interacted with the fake tokens, the damage is done. Their funds are gone. The incident has predictably sown confusion in the Pump.fun community and raised questions about the platform’s security practices. Trust is hard to rebuild in crypto—a space already riddled with skepticism.
This breach highlights the growing sophistication of crypto scammers and the persistent security vulnerabilities of social media platforms. Users increasingly need their guard up when interacting with any crypto-related accounts.
Because in this Wild West of digital finance, the sheriff is always a day late and a dollar short.
