TLDR
- Hackers broke into the SpaceXAI and Starlink accounts on X to promote a fake meme coin called SCATMAN
- The attacker minted 10 trillion SCATMAN tokens and sold them for around $125,000 in Ethereum
- On-chain tracker Lookonchain identified two wallets linked to the hacker
- The reposts were removed from both accounts shortly after the scheme was flagged
- This follows a pattern of hijacked social media accounts being used to run fast rug pulls
A hacker broke into the SpaceXAI and Starlink accounts on X and used them to promote a meme coin called SCATMAN, walking away with around $125,000 in Ethereum before the posts were taken down.
Hacker Makes $125K After Hijacking SpaceXAI & Starlink X Accounts
The attacker promoted a fake $SCATMAN token through compromised social media accounts, minted trillions of tokens, and earned about $125,000 by dumping them before the scam was exposed.
Hacker's Wallet Addresses:… pic.twitter.com/YcjxPSRB8S
— Crypto Patel (@CryptoPatel) July 13, 2026
How the SCATMAN Rug Pull Worked
On-chain analytics platform Lookonchain flagged the scheme and traced the stolen funds to two separate wallets.
The attacker minted 10 trillion SCATMAN tokens. They then sold the entire supply for 59 Ethereum, worth roughly $108,000.
A second wallet connected to the same attacker sold an additional 59.28 million SCATMAN tokens for 14.7 Ethereum, adding about $27,000 to the total haul.
Combined, the two wallets brought in just under $125,000. Lookonchain published both wallet addresses publicly.
Screenshots circulated on social media showing the SpaceXAI and Starlink accounts appearing to repost content from the SCATMAN account. BeInCrypto could not independently verify these claims.
By the time the story broke, the reposts were no longer visible on either account. BeInCrypto reached out to SpaceX for comment but had not received a response at the time of publication.
A Familiar Pattern of Account Hijacking
This is not an isolated incident. Hijacked social media accounts have become a common tool for running fast rug pulls.
Scammers target accounts with large followings because the borrowed credibility drives quick purchases before buyers realize the token is fraudulent.
In February 2025, hackers took over Pump.fun’s X account to push a fake token called PUMP. One wallet made over $135,000 in under a minute.
Former Malaysian Prime Minister Mahathir Mohamad’s account was also hijacked to promote a token. That scheme resulted in $1.7 million in losses.
Myanmar’s junta leader and World Liberty Financial co-founder Zach Witkoff were hit with similar attacks earlier that year.
The playbook is consistent across every case. A trusted account is taken over, a token is launched fast, and the attacker sells before the account owner can regain control.
The SpaceXAI and Starlink accounts carry clear name recognition tied to Elon Musk, making them high-value targets for this type of scheme.
The SCATMAN rug pull was completed quickly, and the attacker’s wallets have been publicly identified by Lookonchain.
As of press time, neither SpaceX nor Starlink had made a public statement about the breach.







