Official X accounts associated with SpaceX and Starlink were reportedly compromised and briefly used to promote a fraudulent cryptocurrency scam.
According to reports, the attackers used an account called Sam Catman, which displayed a badge falsely linking it to SpaceX’s artificial intelligence initiatives.
The official SpaceX and Starlink X accounts then allegedly reposted content promoting the SCATMAN cryptocurrency, giving it an appearance of legitimacy.
At the time of writing, neither SpaceX nor X had publicly confirmed the reported compromise or provided details about how the accounts may have been accessed.
Key takeaways of the SpaceX and Starlink X Account Hack
- Official SpaceX and Starlink X accounts were reportedly compromised to promote the fraudulent SCATMAN cryptocurrency.
- The reported rug pull generated nearly $125,000 in Ethereum before the fraudulent posts were removed.
- Cybercriminals hijack trusted, verified social media accounts to rapidly promote cryptocurrency scams.
- Previous X account takeovers have often resulted from phishing and other social engineering attacks rather than sophisticated exploits.
How the SCATMAN crypto rug pull worked
Blockchain analytics platform Lookonchain reported that the attacker minted 10 trillion SCATMAN tokens before selling the entire supply for approximately 59 ETH, valued at roughly $108,000.
Lookonchain also identified a second wallet that sold an additional 59.28 million SCATMAN tokens for approximately 14.7 ETH, worth about $27,000.
Combined, the two wallets reportedly generated nearly $125,000 in Ethereum before the scam concluded.
The incident followed the classic pattern of a “rug pull,” where attackers create a cryptocurrency token, encourage investors to buy it, and then rapidly sell their holdings or drain the token’s liquidity.
Once the liquidity disappears, remaining investors are left holding essentially worthless assets with little opportunity to recover their funds.
Screenshots shared online appeared to show the fraudulent reposts mixed alongside routine SpaceX content, making the promotion appear authentic rather than signaling an obvious account takeover.
As of publication, the reposts had been removed from the affected accounts.
Why hackers target verified social media accounts
This incident reflects a growing trend in which attackers hijack high-profile social media accounts to promote fraudulent cryptocurrency projects.
Rather than building credibility from scratch, cybercriminals leverage the trust already established by recognizable organizations, public figures, or government agencies.
A single post from a verified account can instantly reach millions of followers, increasing the likelihood that users will believe the promotion is legitimate.
Similar incidents have occurred in recent years, including the compromise of the SEC’s X account in 2024, which falsely announced approval of spot Bitcoin exchange-traded funds.
Other public figures and media personalities have also had their accounts abused to promote fraudulent cryptocurrency tokens.
SpaceX-branded cryptocurrency scams are not new either.
Other campaigns have used fake SpaceX investment opportunities across social media platforms to deceive investors into purchasing fraudulent tokens before funds disappeared.
How social engineering leads to X account takeovers
While the exact compromise method remains unknown at this time, previous X account takeovers have resulted from social engineering attacks.
Attackers often use phishing emails that imitate platform security notifications or account policy alerts to steal login credentials.
In other cases, unauthorized access to phone numbers or recovery mechanisms tied to social media accounts has enabled attackers to bypass standard account protections.
Because official brand accounts carry credibility, even a brief compromise can expose millions of users to fraudulent content before organizations regain control.
How organizations can prevent social media account takeovers
Organizations that manage high-profile social media accounts should treat them as critical business assets rather than marketing channels alone.
Organizations can reduce the risk of social media account compromises by:
- Enabling phishing-resistant multifactor authentication, preferably with hardware security keys.
- Limiting administrative access and separate publishing, security, and account management roles.
- Regularly audit account recovery settings, connected applications, and administrator permissions.
- Use role-based publishing workflows with approval controls for sensitive posts.
- Continuously monitor social media accounts for unauthorized posts, account changes, and suspicious activity.
- Train employees to add a secondary verification step to protect against social engineering attacks.
- Test incident response plans and use simulations with scenarios around social media account compromise and brand risk.
Collectively, these steps can help organizations reduce the blast radius of account takeovers and build resilience.
As investigations continue, the reported SpaceX and Starlink incident serves as another reminder that trusted online identities remain valuable targets for financially motivated attackers seeking fast profits through cryptocurrency fraud.





