Hackers gained access to the X account of meme coin platform Pump.fun on February 26, raising questions about security at a critical time for meme coins and the cryptocurrency industry as a whole.
The platform then regained control of the X account. Pump.fun said its staff were unlikely to be at fault as it “follows industry best practices and is focused on minimizing the risk of this happening.”
According to blockchain experts like ZachXBT, the attack on this platform may have been carried out by the same hackers who have carried out other similar exploits.
Although the Pump.fun incident was quickly resolved with little damage, memecoins have come under increased scrutiny and security issues are at the forefront of the blockchain industry.
Hackers posted links to fake governance tokens. sauce: Zack XBT
Pump.fun hacker also responsible for Jupiter DAO and DogWifCoin
After gaining access to the Pump.fun
The account breach was immediately reported by blockchain researcher and analyst ZachXBT, who warned users to stay away from the X page and not to interact with the links on the page.
He also traced the hacker back to previous X Account breaches, including Solana-based decentralized exchange (DEX) aggregator Jupiter DAO and meme coin DogWifCoin.
Linking the addresses used by phishers on the Pump.fun page to other hacks. Source: ZachXBT
ZachXBT said, “It’s likely not the fault of the Pump Fun or Jupiter teams, especially when it comes to these attacks.”
Pump.fun detailed the various security measures it is taking in an explanatory X post after it regained access to its account. No messages regarding two-factor authentication (2FA), email, password, or delegation changes were sent to the email associated with the account.
The platform also claimed to have a number of other safety measures in place, including physical 2FA backups, regularly changing unique and complex passwords, and not connecting 2FA to email addresses.
Pump.fun’s latest post about the incident said: “We will continue to monitor the situation, analyze possible scenarios that may have occurred and report any updates.”
Related: The 8 most common cyberattacks and how to protect against them
The Pump.fun social media hack is just the latest in an all-too-common trend of phishing attacks against prominent cryptocurrency-related social media accounts, and even the institutions themselves.
Cryptocurrency exchange Bybit became the victim of a phishing attack in which North Korean hacker group Lazarus was able to steal over $1.4 billion in Ether (ETH). A Chaina Analysis report following the incident revealed that the hacker’s chosen attack vector was a phishing campaign targeting the exchange’s cold wallet signers. This allowed them to access Bybit’s user interface and replace the multi-signature wallet contract with their own malicious version.
Meme coins involved in high-profile exploits and scandals
Meme coins are quickly minted in a get-rich-quick investor frenzy and quickly disappear, making them a prime target for phishing attacks, exploits and scandals.
As Cointelegraph reported on February 10, a number of crypto data aggregators listing Central African Republic (CAR) meme coins were directing users to phishing sites.
Phishing link on Token’s Telegram channel. Source: Scam Sniffer
This was especially problematic because Central African Republic President Faustin-Archange Touadera seemed to agree with this token. He posted on X that the government launched the token to “unite the people, support the country’s development and put the Central African Republic on the world stage in its own way.”
At the time of publication, the project’s X account is still suspended.
Additionally, ZachXBT linked Lazarus to a number of recent Solana meme coin scams, including a lag pull on Pump.fun itself. “I disclosed over 920 addresses receiving funds related to the Bybit hack and became aware that the Lazarus Group money launderers had previously launched meme coins via Pump Fun.”
The memecoin scandal has even reached the Argentine presidential palace.
In early February, the launch of the meme coin LIBRA was said to have involved sniping, a form of insider trading, by its founders, with Argentine President Javier Millei suspected of involvement. The politician promoted the token on X before deleting the post when the price crashed.
Although the LIBRA incident did not involve a cyberattack, it did draw attention to the unregulated, Wild West nature of the memecoin market.
Regulators target meme coins
Activity in the meme coin market has already attracted the attention of regulators around the world. On February 20, the U.S. Securities and Exchange Commission announced the creation of a new group to combat cyber fraud, including fraud related to cryptocurrencies.
Elizabeth Davis, a partner at the law firm Davis Wright Tremaine and former chief counsel at the Commodity Futures Trading Commission (CFTC), said the CFTC may oversee meme coins in the future.
She previously told Cointelegraph, “With increased focus on retail market participants, the CFTC is focused on protecting market participants from fraud and manipulation, and this will include the retail population most likely to use meme coins.”
Related: Law firm demands Pump.fun remove over 200 meme coins using its IP
Even Dubai’s regulator, which usually takes a forward-thinking approach to cryptocurrencies, has warned of the risks of meme coins. “Many such assets lack intrinsic value and derive their prices from social media trends, hype and misleading promotional strategies,” the Virtual Assets Regulatory Authority said. Additionally, it said meme coins issued under its jurisdiction must comply with the law.
Recent incidents and heightened scrutiny have led the anonymous founder of Pump.fun to suggest that the industry needs “guardrails.” This includes improved user education, onboarding, and a “more serious” approach to user protection.
Throughout the history of cryptocurrencies, meme coins have gone in and out of trends. Regulators are clearly poised to address these issues this and the next cycle. As of this writing, meme coin popularity has reached its lowest level since January, but some believe it will never rise again.
Sasha Ivanov, founder of the Waves DeFi protocol, told Cointelegraph Magazine:
“This extractive economy is not going to be very stable and it’s going to be short-lived. So it’s probably going to last another six months or so, and then something else will happen.”
magazine: After meme coins go down, DeFi will rise again: Sasha Ivanov, X Hall of Flame
Cointelegraph Features and Cointelegraph Magazine publish long-form journalism, analysis, and narrative reports produced by Cointelegraph’s in-house editorial team and selected external contributors with subject matter expertise. All articles are edited and reviewed by Cointelegraph editors according to our editorial standards. Contributions from external writers are solicited based on their experience, research, and perspectives and do not reflect the views of Cointelegraph as a company unless explicitly stated. The content published in Features and Magazines does not constitute financial, legal, or investment advice. Readers should conduct their own research and, if appropriate, consult a qualified professional. Cointelegraph maintains complete editorial independence. The selection, commissioning and publication of features and magazine content is not influenced by advertisers, partners or commercial relationships.
