SpaceX and Starlink X Accounts Hijacked to Promote Fake Crypto Coin

Recent reports indicate that the official X (formerly Twitter) accounts of SpaceX and Starlink were briefly compromised to promote a fraudulent cryptocurrency. This incident underscores the persistent threat of social media account hijackings aimed at disseminating scams to a broad audience.

According to multiple online sources, an account named “Sam Catman,” which falsely presented itself as affiliated with SpaceX’s AI initiatives, posted promotional content for a new cryptocurrency token. The official SpaceX and Starlink X accounts subsequently reposted this content, lending an air of legitimacy to the scam due to their verified status and substantial follower base.

Screenshots circulating online show the reposted content appearing alongside SpaceX’s routine updates about their Grok AI model, suggesting that the malicious content was integrated seamlessly into the accounts’ regular posting activity. This subtle insertion likely made it more challenging for followers to discern the fraudulent nature of the posts.

In a typical “rug-pull” scheme, investors who purchased the promoted token found themselves defrauded shortly after. In such scams, perpetrators drain the token’s liquidity pool once a sufficient number of victims have invested, leaving holders with worthless assets and no recourse for fund recovery. Control over the underlying smart contract typically rests solely with the token’s creator, preventing victims from reversing transactions or tracing their losses through the exchange.

This incident is part of a broader pattern of high-profile X accounts being hijacked to promote fraudulent tokens. For instance, in January 2024, the U.S. Securities and Exchange Commission’s X account was compromised to falsely announce the approval of a Bitcoin ETF. Similarly, earlier this year, BBC presenter Nick Robinson’s account was used to promote a fake Solana token named “$Today.”

SpaceX-branded cryptocurrency scams have been circulating for years. In 2021, a campaign used fake SpaceX coin promotions on YouTube to steal approximately $1 million from investors before executing a liquidity pull.

Attackers frequently target large, trusted brand accounts because a single post can reach millions of followers instantly. The platform’s verification checkmark or affiliate badge creates a false sense of authenticity, lowering victims’ guard and increasing the likelihood of successful scams.

Common methods used to compromise such accounts include phishing emails that mimic platform policy notices and unauthorized access to phone numbers linked to account recovery processes, rather than sophisticated technical exploits.

As of now, neither SpaceX nor X has issued an official public statement confirming the scope or resolution of the compromise. Details continue to emerge from user reports, highlighting the need for vigilance among social media users and organizations in safeguarding their accounts against such attacks.

This incident highlights the critical importance of robust security measures for social media accounts, especially those representing high-profile organizations. The seamless integration of fraudulent content into legitimate posts demonstrates the evolving sophistication of cybercriminals. Organizations must prioritize account security through strong, unique passwords, multi-factor authentication, and regular monitoring for unauthorized activity. Additionally, users should remain cautious of investment opportunities promoted through social media, even when they appear to originate from trusted sources, and verify the authenticity of such promotions through official channels.