Pump.fun’s X account hacked to promote fake governance token $PUMP

Hackers exploit compromised account to launch fraudulent token aimed at deceiving crypto enthusiasts.

Key Takeaways

• Pump.fun's X account was hacked to promote a fake governance token named '$PUMP.'
• The crypto community quickly identified the fraudulent activity.

<?xml encoding="UTF-8">

The official X (formerly Twitter) account of Pump.fun was compromised today, with hackers using the platform to promote a fraudulent governance token called “$PUMP.”

On Wednesday, the hackers posted a pinned tweet claiming “$PUMP” was the “OFFICIAL pump.fun GOVERNANCE token” and promised rewards for “OG DEGENS.” The post also included a contract address.

Photo: @tradeducky

Members of the crypto community quickly flagged the announcement as suspicious. The fake token announcement and associated contract address were subsequently removed from the platform.

Hackers left a comment on Alon’s tweet

The account’s most recent post

Pump.fun has confirmed the security breach and warned users to disregard the fraudulent token announcement. The platform advised users against interacting with the provided contract address while working to restore control of its X account and investigate the incident.

@pumpdotfun account has just been compromised. Please don’t interact

— alon (@a1lon9) February 26, 2025

Blockchain investigator ZachXBT has uncovered on-chain evidence suggesting a potential link between the compromise of Pump.fund’s X account and prior security breaches targeting Jupiter DAO and DogWifCoin’s account.

“Notably for these attacks it is likely not the fault of either the Pump Fun or Jupiter DAO teams. I suspect a threat actor is social engineering employees at X with fraudulent documents / emails or a panel is being exploited,” ZachXBT said.

Disclaimer