On Feb. 26, 2025, the X account of Pump.fun, a Solana meme coin launchpad, was hacked to promote fraudulent tokens, including a fake “PUMP” token.
On Feb. 26, 2025, the X account of Pump.fun, a Solana meme coin launchpad, was hacked to promote fraudulent tokens, including a fake “PUMP” token. The hacker posted a message claiming the token was the “official governance” token of Pump.fun, alongside a Solana contract address. Despite warnings that the token was concentrated among a small group of wallets, it quickly reached a $5 million market cap before rapidly crashing.
The incident is part of a growing trend of social media hacks targeting the cryptocurrency industry. ZachXBT, an on-chain investigator, linked the attack to previous breaches, including those of Jupiter DAO and DogWifCoin. He speculated that social engineering tactics were likely used to compromise X accounts, though he emphasized that neither the Pump.fun nor the Jupiter DAO teams were at fault.
The Pump.fun team confirmed the hack, with co-founder Alon Cohen urging users to avoid interacting with the compromised account. Cohen also mentioned that all security protocols had been followed and suggested that the hack may have been caused by an issue within X itself. The hacker didn’t stop at promoting the fake PUMP token; they also pushed additional scam tokens called “hackeddotfun” and “HACKED.”
Pump.fun has been one of the most active platforms for launching Solana-based meme coins, deploying over 8 million tokens since its debut. However, the hack follows a series of controversies surrounding meme coin launches. Notably, the LIBRA token launch in Argentina led to a $107 million rug pull, and since then the wider meme coin market has been cooling off.
This attack highlights the vulnerability of cryptocurrency platforms to social media-based scams, particularly as the industry grapples with the aftermath of large-scale hacks. For instance, in January 2025, the Nasdaq X account was compromised to promote a fake meme coin that briefly reached a market cap of $80 million before crashing.
Despite the ongoing investigation into the hack, Pump.fun’s team has not yet regained control of their X account. They continue to work on restoring the account’s security while trying to prevent further scams from reaching their followers. The incident is another reminder of the ongoing cybersecurity risks in the crypto space, where hackers continue to exploit vulnerabilities to push fraudulent tokens and scam unsuspecting users.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
