SpaceX and Starlink X Accounts Hacked in Crypto Scam  | eSecurity Planet

SpaceX and Starlink X Accounts Hacked in Crypto Scam 

Reportedly compromised SpaceX and Starlink X accounts were used to promote a fraudulent cryptocurrency scam.

Written By
Ken Underhill
Ken Underhill
Jul 13, 2026
3 minute read
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Official X accounts associated with SpaceX and Starlink were reportedly compromised and briefly used to promote a fraudulent cryptocurrency scam. 

According to reports, the attackers used an account called Sam Catman, which displayed a badge falsely linking it to SpaceX’s artificial intelligence initiatives. 

The official SpaceX and Starlink X accounts then allegedly reposted content promoting the SCATMAN cryptocurrency, giving it an appearance of legitimacy. 

At the time of writing, neither SpaceX nor X had publicly confirmed the reported compromise or provided details about how the accounts may have been accessed.

Key takeaways of the SpaceX and Starlink X Account Hack

  • Official SpaceX and Starlink X accounts were reportedly compromised to promote the fraudulent SCATMAN cryptocurrency.
  • The reported rug pull generated nearly $125,000 in Ethereum before the fraudulent posts were removed.
  • Cybercriminals hijack trusted, verified social media accounts to rapidly promote cryptocurrency scams.
  • Previous X account takeovers have often resulted from phishing and other social engineering attacks rather than sophisticated exploits. 

How the SCATMAN crypto rug pull worked 

Blockchain analytics platform Lookonchain reported that the attacker minted 10 trillion SCATMAN tokens before selling the entire supply for approximately 59 ETH, valued at roughly $108,000.

Lookonchain also identified a second wallet that sold an additional 59.28 million SCATMAN tokens for approximately 14.7 ETH, worth about $27,000.

Combined, the two wallets reportedly generated nearly $125,000 in Ethereum before the scam concluded.

The incident followed the classic pattern of a “rug pull,” where attackers create a cryptocurrency token, encourage investors to buy it, and then rapidly sell their holdings or drain the token’s liquidity. 

Once the liquidity disappears, remaining investors are left holding essentially worthless assets with little opportunity to recover their funds.

Screenshots shared online appeared to show the fraudulent reposts mixed alongside routine SpaceX content, making the promotion appear authentic rather than signaling an obvious account takeover.

As of publication, the reposts had been removed from the affected accounts.

Advertisement

Why hackers target verified social media accounts 

This incident reflects a growing trend in which attackers hijack high-profile social media accounts to promote fraudulent cryptocurrency projects.

Rather than building credibility from scratch, cybercriminals leverage the trust already established by recognizable organizations, public figures, or government agencies. 

A single post from a verified account can instantly reach millions of followers, increasing the likelihood that users will believe the promotion is legitimate.

Similar incidents have occurred in recent years, including the compromise of the SEC’s X account in 2024, which falsely announced approval of spot Bitcoin exchange-traded funds. 

Other public figures and media personalities have also had their accounts abused to promote fraudulent cryptocurrency tokens.

SpaceX-branded cryptocurrency scams are not new either. 

Other campaigns have used fake SpaceX investment opportunities across social media platforms to deceive investors into purchasing fraudulent tokens before funds disappeared.

How social engineering leads to X account takeovers 

While the exact compromise method remains unknown at this time, previous X account takeovers have resulted from social engineering attacks.

Attackers often use phishing emails that imitate platform security notifications or account policy alerts to steal login credentials. 

In other cases, unauthorized access to phone numbers or recovery mechanisms tied to social media accounts has enabled attackers to bypass standard account protections.

Because official brand accounts carry credibility, even a brief compromise can expose millions of users to fraudulent content before organizations regain control.

Advertisement

How organizations can prevent social media account takeovers 

Organizations that manage high-profile social media accounts should treat them as critical business assets rather than marketing channels alone.

Organizations can reduce the risk of social media account compromises by:

  • Enabling phishing-resistant multifactor authentication, preferably with hardware security keys.
  • Limiting administrative access and separate publishing, security, and account management roles.
  • Regularly audit account recovery settings, connected applications, and administrator permissions. 
  • Use role-based publishing workflows with approval controls for sensitive posts.
  • Continuously monitor social media accounts for unauthorized posts, account changes, and suspicious activity.
  • Train employees to add a secondary verification step to protect against social engineering attacks.
  • Test incident response plans and use simulations with scenarios around social media account compromise and brand risk.

Collectively, these steps can help organizations reduce the blast radius of account takeovers and build resilience.

As investigations continue, the reported SpaceX and Starlink incident serves as another reminder that trusted online identities remain valuable targets for financially motivated attackers seeking fast profits through cryptocurrency fraud.

Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and technology leader with more than 25 years of experience in IT, cybersecurity, and risk management. His career spans network administration, incident response, penetration testing, and entrepreneurship, giving him firsthand experience helping organizations reduce risk and ensure compliance. Ken is also a former nurse and combat medic and he uses this background to break down complex cybersecurity topics into digestible content for a broad, global audience. A multi-exit cybersecurity founder, Ken has spent decades helping organizations strengthen their security posture, manage risk, and navigate complex technology challenges. His expertise includes overall cybersecurity strategy, cloud security, incident response, risk management, security awareness, and emerging threats affecting businesses. Ken is also an advisor to multiple startups on AI security and risk. In addition to his hands-on industry experience, Ken is a cybersecurity newsletter writer for TechnologyAdvice, where he covers cybersecurity news/trends and actionable best practices for business and IT professionals. Ken is also an educator with over 2 million people going through his courses over the years. He has won the Global Cybersecurity 40 under 40 (2x winner), the Cyber Champion award from Women's Society of Cyberjutsu, and the 2019 SC Media award for Outstanding Educator. Ken is also a volunteer with organizations like Minorities in Cybersecurity, Black Girls Hack, and the Whole Cyber Human Initiative, which helps veterans transition into security careers. Ken holds a Master of Science in Cybersecurity and Information Assurance from Western Governors University and a Bachelor of Science in Information Systems, with a major in Cybersecurity Management, from Strayer University. His certifications include the Certificate of Cloud Security Knowledge (CCSK), Certified Ethical Hacker (CEH), and Computer Hacking Forensic Investigator (CHFI) and he is a former adjunct professor of Digital Forensics. Ken also had a streaming cybersecurity television show from 2020-2022 that reached over 200K monthly viewers around the world. His work and expertise have been featured in Forbes, Reader's Digest, Medium, TechRepublic, Fox, NBC, CBS, Dark Reading, MSN Money, and other leading publications and media outlets, making him a trusted voice on cybersecurity, election security, and privacy.

eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.