On February 26th, the X account of the “meme token factory” Pump.fun was hacked to promote fraudulent coins. The project team regained access to the account the same day.
we’ve regained access to this account. Based on current information, the extent of the compromise was limited to this X account.
TL:DR: the security protocols taken by the team to secure the X account were thorough, relied on industry best-practices, and focused on minimizing…
— pump.fun (@pumpdotfun) February 26, 2025
Initially, the hacker posted information about a fake governance token for platform users, including a wallet address. Later, they began promoting meme coins with names hinting at the hack itself (HACKED and hackeddotfun).
On-chain investigator ZachXBT linked the Pump.fun hack to recent attacks on other X accounts. Among the victims were Jupiter DAO and DogWifCoin, which were also used to promote fake meme tokens.
The expert believes that project representatives are not at fault for the incidents. ZachXBT suggested that the hacker “engages in social engineering of X employees using fake documents/emails or exploits the system.”
Previously, an X user with the nickname DFarmer accused Pump.fun of extracting $600 million from the ecosystem over the year and converting it to fiat.
Some more stats. Wild numbers. https://t.co/hFb1eBtMKI
— DFarmer (@OGDfarmer) February 26, 2025
He emphasized that the “meme token factory” launched nearly 9 million coins, none of which have a market capitalization exceeding $500 million.
Since its launch in January 2024, Pump.fun’s total revenue from fees reached $431 million.
Earlier, rumors surfaced that the platform might add automated market maker (AMM) functions. A trader known as trenchdive reported that on February 20th, the Pump.fun team added the first test token CRACK to the AMM pool.