The official X accounts of SpaceX and Starlink were recently compromised, leading to the promotion of a fraudulent cryptocurrency. This scam involved a fake token which was later subject to a ‘rug-pull,’ leaving investors with worthless assets and no means of recovery.
Details of the Account Compromise
Reports suggest that a user operating under the alias ‘Sam Catman’ falsely associated with SpaceX’s AI projects, posted promotional material for a new cryptocurrency. The content was then reposted by SpaceX and Starlink’s verified accounts, which gave the scam a veneer of legitimacy due to their large follower base.
Screenshots circulated online showed the promotional content embedded alongside SpaceX’s regular posts. This integration suggested that the scam post was inserted subtly without any overt changes to the account’s appearance, such as banner alterations.
The Mechanics of the Scam
The scam followed a familiar pattern where investors were enticed to purchase the token, only to be ‘rug-pulled’ later. In this scheme, scammers drain the cryptocurrency’s liquidity pool after enough purchases are made, leaving buyers with an asset that has no value. Typically, only the creator has control over the smart contract, making it nearly impossible for victims to recoup their losses via the exchange.
This incident is part of a broader trend where verified and high-profile X accounts are exploited to promote fraudulent tokens. Previous examples include the U.S. SEC’s account and BBC presenter Nick Robinson’s account being used for similar scams.
Historical Context and Future Implications
SpaceX-themed crypto scams are not new, with one notable 2021 incident involving fake promotions on YouTube that defrauded investors of approximately $1 million. Large brand accounts are prime targets due to their vast reach and the perceived authenticity that verification badges provide.
Common vectors for such compromises include phishing emails that mimic platform policies and unauthorized access to recovery-linked phone numbers. These methods bypass the need for advanced technical hacking techniques.
As of now, neither SpaceX nor X has released an official statement detailing the extent of the breach or the measures taken to resolve it. The situation continues to develop based on user reports.
For further protection against cyber threats, organizations are encouraged to strengthen their security operations with rapid threat detection and integration tools like ANY.RUN.
