SpaceX and Starlink X Accounts Compromised to Promote Fake Crypto Scam
Official SpaceX and Starlink X accounts were briefly compromised to promote a fraudulent cryptocurrency, leading to a 'rug-pull' scam that defrauded investors.

The official X (formerly Twitter) accounts for SpaceX and its Starlink internet service were reportedly compromised, allowing threat actors to briefly promote a fraudulent cryptocurrency. The scam involved a fake employee account, "Sam Catman," which posted promotional content for a new crypto coin. This content was then reposted by the official SpaceX and Starlink accounts, leveraging the companies' massive follower base and verified status to lend the scam an air of legitimacy.
Screenshots circulating online suggest the malicious repost was integrated directly into the accounts' normal posting activity, appearing alongside legitimate updates about SpaceX's Grok AI model. This method of insertion, rather than a blatant account takeover banner, likely made the fraudulent promotion harder to detect immediately. The scam followed a familiar pattern: investors purchased the newly promoted token, only to be "rug-pulled" shortly thereafter. This common cryptocurrency scam involves the perpetrators draining the token's liquidity pool once enough victims have invested, leaving holders with worthless assets and no recourse for their losses.
This incident is not an isolated event, as high-profile and official X accounts have repeatedly been hijacked to push fraudulent tokens. Notable past incidents include the U.S. SEC's account falsely announcing Bitcoin ETF approval in January 2024 and a BBC presenter's account being used to promote a fake Solana token. SpaceX-branded crypto scams have also circulated for years, with a 2021 campaign on YouTube reportedly stealing approximately $1 million before the liquidity was pulled.
Attackers frequently target large, trusted brand accounts due to the instant reach to millions of followers. The platform's verification checkmark or affiliate badges create a false sense of authenticity, which can significantly lower potential victims' guard. The compromise vectors in similar incidents often involve phishing emails that mimic platform policy notices or unauthorized access to phone numbers used for account recovery, rather than highly sophisticated technical exploits.
As of the report's publication, neither SpaceX nor X had issued an official public statement confirming the compromise, its scope, or its resolution. Details continued to emerge primarily from user reports and shared screenshots. The incident highlights the ongoing risks associated with social media account security, particularly for high-profile entities whose compromised platforms can be weaponized for widespread fraud.
The reliance on trusted brand names and the speed at which fraudulent information can spread on social media platforms underscore the need for robust security measures and rapid incident response protocols for all organizations, especially those with significant public-facing digital assets. The financial implications for victims of such "rug-pull" schemes can be devastating, emphasizing the critical importance of due diligence for cryptocurrency investors.