Blockchain AcademicsBlockchain Academics
Hackers Compromise SpaceXAI and Starlink X Accounts in $125K Token Scam

Hackers Compromise SpaceXAI and Starlink X Accounts in $125K Token Scam

Attackers compromised official X accounts belonging to SpaceXAI and Starlink on July 13 to orchestrate a pump-and-dump scheme targeting the SCATMAN token, stealing approximately $125,000 from retail investors before the token collapsed 98%.

Hadi GhadbanJuly 13, 20263 min read
Share

Hackers Compromise SpaceXAI and Starlink X Accounts in $125K Token Scam

Attackers compromised official X accounts belonging to SpaceXAI and Starlink on July 13 to orchestrate a pump-and-dump scheme targeting the SCATMAN token, stealing approximately $125,000 from retail investors before the token collapsed 98%. Blockchain analytics platform Lookonchain exposed the scam, revealing a coordinated effort to exploit the trust and reach of verified accounts tied to Elon Musk's companies.

The attackers used the hijacked accounts to promote SCATMAN, artificially inflating demand and price before executing a coordinated exit that devastated the token's value. The scheme follows a familiar pattern: compromise a high-profile account, use it to lend credibility to a worthless asset, accumulate retail buy-in, then dump holdings at peak price while insiders pocket the gains. In this case, the perpetrators targeted accounts with direct associations to major tech and space companies, betting that retail traders would assume legitimacy based on account ownership alone.

Pump-and-dump schemes using compromised social media accounts have become a persistent vector for token fraud. The 2020 Twitter hack affected Barack Obama, Joe Biden, Elon Musk, Apple, and Uber, demonstrating the vulnerability of even heavily secured accounts. Since then, crypto influencers and project founders have been repeatedly targeted. Bad actors understand that a single verified post from a trusted account can trigger thousands of retail investors to buy within minutes, creating the liquidity needed to exit profitably.

The SCATMAN scam underscores a broader problem: the friction-free nature of token creation on Ethereum and other blockchains means scammers can launch a worthless asset, promote it through a hacked account, and vanish with proceeds before most victims realize what happened. The 98% crash indicates the token had no underlying utility or community support, only artificial demand driven by false endorsement. For the $125,000 in stolen funds, affected investors face a grim reality. Once tokens are dumped and prices crater, recovery is nearly impossible without law enforcement intervention.

Lookonchain's rapid detection and public exposure of the scam highlights the growing importance of on-chain analytics in combating fraud. Unlike traditional finance, where suspicious trading activity might take weeks to investigate, blockchain transactions are immutable and transparent. Platforms that monitor large transfers, price movements, and wallet behavior can flag scams in real-time, though detection speed does little to help investors who already bought at inflated prices.

For X and its parent company, the incident raises questions about account security protocols. SpaceX and Starlink maintain some of the most sensitive infrastructure on Earth; their X accounts presumably benefit from multi-factor authentication, IP whitelisting, and other advanced protections. A successful compromise suggests either a highly targeted attack, compromised credentials at a third party with access, or social engineering of X's own support staff. X has not publicly commented on the breach as of July 13.

The $125,000 loss, while painful for affected retail traders, pales compared to major exchange hacks or bridge exploits. Yet the incident serves as a reminder that account takeovers remain a viable attack vector for scammers, and that verified status on social media offers no guarantee of legitimacy. Retail investors should treat any token promotion from a newly compromised account with extreme skepticism, especially if the endorsement comes without prior announcement from the account holder or their official channels.

Discussion

Loading comments...