ZachXBT Reveals Details About the Pump.fun Hack: Who’s Behind It?
On February 26, 2025, ZachXBT took to his Telegram channel (@zachxbt) to sound the alarm – Pump.fun’s X (formerly Twitter) account had been hacked. His advice? Stay away. Don’t click. Don’t engage.
On this page
The hackers wasted no time, launching a fake governance token, $PUMP, and convincing people it would grant them voting power over the protocol. Astonishingly, it took off, reaching millions in market cap on launch day based on DEX Screener. But, as expected, the hype was short-lived. Now, the market cap sits at a mere $27,000.
Pump.fun eventually regained control of its X account, assuring users that the hack was limited to social media. The project thanked ZachXBT for his assistance and shared some of his findings.
Same Hackers, Different Targets? ZachXBT Thinks So
Through meticulous on-chain analysis, ZachXBT linked the Pump.fun hack to two other breaches: Jupiter DAO’s X account compromise in February 2025 and DogWifCoin’s in November 2024. Both incidents followed a familiar pattern: social media accounts hijacked to promote scam tokens.
In the DogWifCoin (WIF) incident, the official X account was compromised on November 15, 2024. Hackers used the account to disseminate multiple fraudulent token contracts, misleading followers into engaging with counterfeit tokens.
Similarly, on February 6, 2025, Jupiter Exchange’s X account was breached. The attackers exploited the platform’s account to advertise a fake memecoin called $MEOW, which quickly surged in market value, before the liquidity was drained.
Before casting blame on the projects, ZachXBT clarified: Pump.fun and Jupiter DAO aren’t at fault. He suspects the attackers are employing social engineering tactics to manipulate X employees or exploiting internal tools. As he stated:
Notably for these attacks it is likely not the fault of either the Pump Fun or Jupiter teams.
I suspect a threat actor is social engineering employees at X with fraudulent documents/emails or a panel is being exploited.
ZachXBT: The Community’s Watchdog
ZachXBT has become one of the most trusted independent blockchain investigators out there. His work is always helping to uncover scams, protect users, and hold bad actors accountable.
Recently, he dug into the $1.5 billion ByBit hack and found that the North Korean threat actor Lazarus Group is probably behind it. In a space full of risks and rug pulls people like ZachXBT are key to keeping the crypto community safe and in the know.
How to Stay Safe in Crypto
In the meantime, Pump.fun reminded users that they will NEVER post a crypto contract, wallet address, or anything similar. They encouraged users to always double-check information before taking action and to exercise caution when interacting with social media announcements.
With such attacks becoming more frequent, it’s imperative to cross-verify information and rely on trusted sources – because in crypto, even one misstep can have significant consequences.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
Articles by this author
