Hack Alert: Pump.fun’s X Account Hacked

The independent blockchain investigator ZachXBT reported that Pump.fun’s X account had been compromised. He warned followers that hackers were promoting scam tokens through false announcements on the page.

The hackers posted their first tweet about an hour ago promoting a fake pump.fun governance token dubbed $PUMP. The post stated, ‘Introducing $PUMP, the OFFICIAL Pump.fun GOVERNANCE token, where DEMOCRACY has never been this degen.’ They claimed they would be rewarding the ‘OG DEGENS.’ The post has since been deleted.

> pumpdotfun account is hacked ⚠️$PUMP is heavily bundled and will dump pic.twitter.com/7wOy7lhka5
> — Bubblemaps (@bubblemaps) February 26, 2025

The hackers have since posted three more tweets, one claiming that the token would not be bundled and would be launched via Pump.fun. Another asked followers whether to launch a legit token called hackeddotfun. They further encouraged users to pump the coin to $100 million.

Their last tweet stated they were ‘here to save crypto,’ promoting another token called $HACKED, claiming that none of the token’s supply would be owned and not bundled. The tweets notably included CAs for followers to engage with. ZackXBT cautioned users against interacting with any of the CAs or links posted. All three posts have also been deleted.

Pump.fun has not yet commented on the situation, and it remains unclear if the platform is aware of the hack. However, a staff member acknowledged the hack and stated that the platform was investigating the situation.

Connections to Other Hacks

ZachXBT connected the Pump.fun X account hack to the Jupiter DAO and DogWifCoin hacks, indicating these may not be the teams’ faults. He speculated that these threats could be linked to X social engineering employees or the exploitation of an X panel.

Jupiter Exchange’s X account was hacked on February 6, prompting a warning to users not to engage with any links or information shared. This was not the first incident for the platform, leading to discussions of a potential boycott following a previous hack that cost users about $1 million.

Similarly, DogWifCoin’s X account was hacked on November 15 last year; however, the project reported no funds were stolen.

Recent Bybit Hack Incident

The Pump.fun hack comes shortly after Bybit experienced a cyber-attack linked to the Lazarus Group, costing around $1.4 billion. The hackers were able to steal $400,000 ETH from a cold wallet during a routine transfer.

Bybit confirmed that the attack involved social engineering, and the exchange executed measures to handle the situation. They have since returned to normal operations and are working to ensure the reliability of their reserves.

Attempted Laundering Through Pump.fun

The Bybit hackers attempted to use Pump.fun to launder stolen funds through scam memecoins. The funds, when divided among multiple wallets, culminated in $1.08 million in USDC being bridged to Solana. Several scam tokens were created to disguise these transactions.

Pump.fun managed to block multiple memecoins linked to the Bybit hackers, with Bybit commending their proactive measures to secure the ecosystem and prevent fraudulent activities.