ZachXBT: Hackers compromise Pump.fun X account, issuing fake memecoin announcements

The independent blockchain investigator ZachXBT published that Pump.fun’s X account had been compromised. ZachXBT also warned Pump.fun followers that the hackers were promoting scam tokens through false announcements on the page. 

The hackers posted their first tweet about one hour ago promoting a fake pump.fun governance token dubbed $PUMP. The post stated, ‘Introducing $PUMP, the OFFICIAL Pump.fun GOVERNANCE token, where DEMOCRACY has never been this degen.’ The hackers added that they would be rewarding the ‘OG DEGENS.’ The post has since then been deleted. 

pumpdotfun account is hacked ⚠️$PUMP is heavily bundled and will dump pic.twitter.com/7wOy7lhka5

— Bubblemaps (@bubblemaps) February 26, 2025

The hackers have posted 3 more tweets in the past hour, with one promising that the token would not be a bundle and would be launched via Pump.fun. Another tweet asked the memecoin launchpad’s followers whether to launch a legit token called hackeddotfun. The hackers further encouraged users to pump the coin to $100 million. 

The last tweet stated that the hackers were ‘here to save crypto,’ promoting another token called $HACKED. The hackers alleged that none of the token’s supply would be owned and not bundled. The tweets notably included CAs for followers to engage with. ZackXBT still encouraged users not to interact with any of the CAs or links posted. The 3 posts have also been deleted since. 

The Solana memecoin launcher has still not commented on the situation, and it is unclear whether the platform is aware of the hack. A Pump.fun staff member has still reportedly acknowledged the hack, informing followers that the platform was investigating the situation. 

ZackXBT connects the hack to Jupiter DAO and DogWifCoin hacks

ZachXBT mentioned in another Telegram post that Pump.fun X account hack could be connected to the Jupiter DAO X account hack this February and DogWifCoin’s hack in November last year. The investigator still insisted that the hacks were possibly not the fault of the teams. ZachXBT further speculated that the threats could be connected to X social engineering employees with fraudulent documents or emails. The investigator also suggested that the exploitation of an X panel could be another probable cause of the compromised accounts.

Jupiter Exchange’s X account suffered a hack on February 6, prompting the team to announce the incident on the official Jupiter DAO page. The team warned users not to engage with any of the links, CAs, or information shared on the exchange’s X account. 

The incident was not the first the platform experienced over the past few months, leading users to discuss whether to boycott the exchange. Hackers had exploited the JUP token airdrop account about one year ago, costing users approximately $1 million. 

DogWifCoin’s X account suffered a hack on November 15 last year, where hackers attempted to scam the memecoin’s followers through phishing links. The project still reported that the hackers did not manage to steal any funds from users. 

Pump.fun hack comes a few days after Bybit’s incident

Bybit Hack Forensics Report
As promised, here are the preliminary reports of the hack conducted by @sygnia_labs and @Verichains
Screenshotted the conclusion and here is the link to the full report: https://t.co/3hcqkXLN5U pic.twitter.com/tlZK2B3jIW

— Ben Zhou (@benbybit) February 26, 2025

The recent Pump.fun X account hack comes only a few days after one of the top exchanges, Bybit, experienced a cyber-attack. The Bybit hack was tied to the North Korean cybercrime organization Lazarus Group, leading to about $1.4 billion in losses. The exchange’s attack was one of the largest hacks recorded in crypto history, standing above the Ronin Network cyber-attack 3 years ago, which cost users about $625 million. 

The hackers swiped $400,000 ETH from one of the exchange’s cold wallets. The attack happened during a routine transfer from the exchange’s hot wallet despite the transaction undergoing multiple checks, including a sign-off from Bybit’s CEO, Ben Zhao. Chainalysis reportedly confirmed that the attack was tied to social engineering, with the hackers taking advantage of the cold wallet signers through phishing attacks. The exchange immediately executed security protocols to manage the situation. 

The exchange’s deposits and withdrawals went back to normal on Saturday after Bybit handled the backlog of over 500,000 withdrawal requests. Bybit also announced that the exchange worked to return its ETH reserves back to 1:1. Lookonchain data also revealed that the platform’s reserves were back to 100% by February 24 through loans, ETH purchases, and whale deposits. 

Bybit’s CEO announced further steps to ensure the capture of the Lazarus Group through the Lazarus Bounty Program. Zhao outlined that the bounty site, the first the crypto industry ever had, would employ complete transparency. The exchange has employed a team to ensure the website remains up-to-date. 

Bybit hackers use Pump.fun to launder stolen funds

Thanks to @caLilyLiu and the @pumpdotfun team for taking swift action to block and remove a Solana-based token whose creator may be affiliated with hacker groups, ensuring the security of the ecosystem. This is a great example of proactive security in action

— Bybit (@Bybit_Official) February 23, 2025

The Bybit hackers attempted to use Pump.fun to launder the stolen funds through scam memecoins. The attempt came after the hackers split the stolen funds across multiple wallets, for which several exchanges were on the lookout. ZachXBT revealed that the cyber-criminals received $1.08 million in USDC in one wallet before bridging the funds to Solana. 

The hackers shifted the funds through a complex web of money laundering schemes, passing them through BSC wallets before sending them back to Solana. The group later created scam memecoins to guise transactions as memecoin trades, including through the QinShihuang token. The hackers managed to trade $26 million through the token before the Solana memecoin launcher blocked it. 

Pump.fun has blocked several other memecoins tied to the Bybit hackers. Bybit applauded the efforts of the Memecoin launcher to prevent money laundering in the ecosystem. The exchange tweeted that Pump.fun’s efforts showed proactive steps to ensure user safety and prevent fraudulent behavior.

Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot