While Pump.fun users were going about their normal Tuesday, hackers seized control of the platform’s X account and released chaos. On February 26, 2025, the @pumpdotfun account suddenly started promoting a fake “PUMP” governance token. Pretty bold move considering Pump.fun doesn’t even have an official governance token.
The hackers didn’t stop there. They also pushed a fraudulent “GPT-4.5” token because apparently, one scam wasn’t enough. Pump.fun primarily operates as a platform that enables users to create Solana-based cryptocurrencies rather than issuing its own tokens. The whole mess started around 15:20 UTC, catching many traders with their digital pants down.
These digital thieves knew exactly what buttons to push. “OG DEGENS” were promised special rewards – a classic trick to create FOMO. They posted contract addresses, watched the money pour in, then deleted the evidence. Rinse and repeat. Some people never learn.
The financial damage was swift and brutal. One wallet collected over $135,000 in just sixty seconds. The fake PUMP token briefly hit a $5 million market cap before crashing, with hackers extracting roughly $600,000.
Add another $90,000 from other bogus tokens, and you’ve got a very profitable hack. The final promoted token peaked at $1.5 million market cap. Yikes.
Pump.fun reacted quickly, posting warnings on Telegram and urging users to ignore the compromised account. The sudden attack severely affected market liquidity, causing dramatic price swings as panicked traders rushed to sell. Users were advised to enable additional security measures on their own social media accounts to prevent similar breaches. Founder Alon Cohen confirmed the breach while his team scrambled to regain control and investigate how it happened.
The crazy part? Their account had Google 2FA, physical security keys, and complex passwords in a secure manager.
Crypto detective ZachXBT was first to sound the alarm, with Bubblemaps pointing out the suspiciously bundled token supply. This isn’t an isolated incident – it’s connected to similar hacks of Jupiter DAO and DogWifCoin accounts.
What’s particularly disturbing is how the hackers may have used social engineering against X employees to bypass security. The memecoin ecosystem just got another harsh reminder that social media remains its Achilles’ heel.
