HomeCryptoSpaceX Starlink Hack: Fake Meme Coin Drains $125K in ETH in Minutes

SpaceX Starlink Hack: Fake Meme Coin Drains $125K in ETH in Minutes

Someone broke into the SpaceXAI and Starlink accounts on X and used them to push a fake meme coin called SCATMAN — walking away with roughly $125,000 in Ethereum before the posts were flagged and removed. It was fast, calculated, and barely left a trace beyond a pair of wallet addresses.

Key takeaways

  • Hackers hijacked the SpaceXAI and Starlink accounts on X to promote the fraudulent meme coin SCATMAN.
  • The attacker minted 10 trillion SCATMAN tokens and sold them across two wallets for a combined total of approximately $125,000 in Ethereum.
  • On-chain analytics platform Lookonchain traced the funds and publicly disclosed both wallet addresses.
  • The fraudulent posts were removed from both accounts shortly after the scheme was detected.
  • Neither SpaceX nor Starlink had issued a public statement about the breach as of the time of reporting.

SpaceXAI and Starlink Accounts Hacked to Push SCATMAN Meme Coin

The SpaceX Starlink hack followed a script that has become disturbingly routine in the crypto space. A trusted, high-visibility account gets compromised. A token gets launched immediately. The attacker dumps the supply before anyone realizes what’s happening. By the time the posts come down, the money is already gone.

In this case, the attacker targeted two accounts with unmistakable name recognition: SpaceXAI and Starlink, both publicly tied to Elon Musk. That association is the entire point. Followers of those accounts are conditioned to treat their posts as credible — and scammers know exactly how to exploit that reflex.

Screenshots circulated on social media showing the accounts appearing to repost content from the SCATMAN token’s page, though independent verification of those specific reposts could not be confirmed. What is confirmed is that the posts were live long enough to drive token purchases before being removed.

Token Minting and the Speed of the Exit

The mechanics of the scam were straightforward but effective. The attacker minted 10 trillion SCATMAN tokens and sold the entire supply through a primary wallet for 59 Ethereum, worth roughly $108,000 at the time.

A second wallet, connected to the same attacker, offloaded an additional 59.28 million SCATMAN tokens for 14.7 Ethereum — adding approximately $27,000 to the total. Combined, the two wallets generated just under $125,000.

The whole operation was designed for speed. Mint, promote, sell, disappear. The window between the fake posts going live and the accounts being cleaned up was the only moment the attacker needed.

Lookonchain’s Identification of Attacker Wallets

On-chain analytics platform Lookonchain flagged the scheme and traced the funds back to both wallets. The platform publicly disclosed the wallet addresses, giving the crypto community at least a partial view of where the money went — even if the person behind them remains unidentified.

That kind of public blockchain tracing is one of the few tools available after a rug pull. It doesn’t recover funds, but it creates a permanent, visible record that can support future investigations and at minimum names the wallets involved.

A Pattern That Keeps Repeating

This is not a one-off. Account hijacking for fast cryptocurrency rug pulls has become one of the most consistent attack patterns in the space, and the method barely changes between incidents.

In February 2025, hackers took over the X account belonging to Pump.fun and used it to push a fake token called PUMP. One wallet from that scheme made over $135,000 in under a minute. Former Malaysian Prime Minister Mahathir Mohamad‘s account was separately hijacked to promote a token, resulting in $1.7 million in losses. World Liberty Financial co-founder Zach Witkoff and Myanmar’s junta leader were also hit with similar attacks around the same period.

The common thread is credibility arbitrage. Attackers aren’t building audiences — they’re borrowing them. A verified account with millions of followers can generate more token purchases in five minutes than an anonymous account ever could. The bigger and more recognizable the account, the more useful it becomes as an attack surface.

Why High-Profile Accounts Remain Attractive Targets

The SpaceX Starlink hack illustrates a structural problem that platforms like X have struggled to solve. High-value accounts — especially those associated with major companies or public figures — are targeted precisely because their audiences are large, engaged, and inclined to act quickly on what they see.

What makes these attacks particularly damaging is the asymmetry involved. The attacker needs only a brief window. The account owner, the platform, and the community all need to detect, respond, and remove content before enough purchases have been made. In cases like this one, the attacker won that race by a significant margin — $125,000 in Ethereum is a meaningful return for what was almost certainly a short-lived compromise.

As of publication, neither SpaceX nor Starlink had addressed the breach publicly. That silence leaves open questions about how the accounts were accessed, what security measures were in place, and whether any further action is being taken. For everyone else watching, the more pressing question is which high-profile account gets targeted next — and whether the outcome will be just as quick and clean for the attacker.

FAQ

What happened to the SpaceXAI and Starlink X accounts?

They were hacked by a scammer who used them to promote a fake meme coin called SCATMAN, driving token purchases before the posts were detected and removed.

How much money did the attacker earn from the SCATMAN scam?

The attacker minted and sold SCATMAN tokens across two wallets for a combined total of just under $125,000 in Ethereum — approximately $108,000 from the first wallet and around $27,000 from the second.

Were the attacker’s wallets identified?

Yes. On-chain analytics platform Lookonchain traced the stolen funds to two wallets and publicly disclosed both wallet addresses, though the identity of the person behind them remains unknown.

Is this type of social media hack common in crypto scams?

It has become increasingly common. Hijacking high-profile social media accounts to run fast cryptocurrency rug pulls is a well-documented tactic, with previous targets including Pump.fun, former Malaysian Prime Minister Mahathir Mohamad, and World Liberty Financial co-founder Zach Witkoff.

Article produced with the assistance of artificial intelligence and reviewed by the editorial team.

Stefania Stimolo
Stefania Stimolo
Graduated in Marketing and Communication, Stefania is an explorer of innovative opportunities. She started out as a Sales Assistant for e-commerce, and in 2016 she began to develop a passion for the digital world, initially in the Network Marketing sector, where she discovered and became passionate about the ideals behind Bitcoin and Blockchain technology, which lead her to work as a copywriter and translator for ICO projects and blogs, and organize introductory courses.
RELATED ARTICLES

Stay updated on all the news about cryptocurrencies and the entire world of blockchain.

Featured video

LATEST