SpaceX and Starlink X Accounts Hacked to Promote SCATMAN Crypto Scam

by Anika Shah - Technology
0 comments

Security Breach Targets SpaceX and Starlink Accounts on X to Promote Cryptocurrency Fraud

Hackers compromised the official X (formerly Twitter) accounts of SpaceX and Starlink to distribute a fraudulent cryptocurrency scheme involving a token called “SCATMAN.” The unauthorized access occurred on November 15, 2024, as the accounts posted a series of posts directing followers to a malicious website. These posts claimed that SpaceX was launching a new cryptocurrency and encouraged users to connect their digital wallets to the site, a common tactic used in “drainer” scams to steal assets.

Timeline of the Account Takeover

Timeline of the Account Takeover

The breach became evident when the verified @SpaceX and @Starlink accounts began posting identical messages promoting the fraudulent token. According to reports from the cybersecurity community, the posts remained live for roughly 20 to 30 minutes before being removed. During this window, the attackers leveraged the high-profile nature of these accounts to reach millions of followers.

This incident follows a pattern of high-profile account takeovers on X. Previously, accounts belonging to other prominent technology figures and organizations have been hijacked to facilitate similar crypto-related scams. By gaining control of accounts with massive, verified followings, cybercriminals create an illusion of legitimacy that can deceive even cautious users.

How the SCATMAN Scam Operates

SpaceX Offers HACKER A Job After Hacking Into Starlink Satellites..

The scam utilized a classic phishing methodology. The malicious posts provided a link to a website designed to mimic a legitimate financial or crypto-service portal. Once a user clicked through, the site prompted them to link their cryptocurrency wallet—such as MetaMask or Trust Wallet—under the guise of claiming a reward or participating in a token “airdrop.”

When a user connects their wallet to a malicious site, they often inadvertently grant the attacker permission to access and transfer the funds held within that wallet. Unlike traditional hacks where a password is stolen, this technique relies on social engineering to trick the victim into authorizing the transaction themselves.

Risks of Wallet-Drainer Schemes

Risks of Wallet-Drainer Schemes

The use of verified accounts to promote these schemes has become a significant concern for digital security. Because the posts originate from accounts with the official blue checkmark, users are less likely to be skeptical of the content.

Security researchers at firms like PeckShield have frequently warned that these “drainer” kits are becoming increasingly sophisticated. They often use:
* Urgency: Creating a false sense of a limited-time opportunity.
* Impersonation: Using official branding to build immediate trust.
* Automation: Using bots to rapidly spread the links across replies and quote-posts to maximize visibility.

Protecting Digital Assets

To mitigate the risk of account takeovers and financial loss, cybersecurity experts emphasize several defensive measures:

* Hardware Security Keys: Moving away from SMS-based two-factor authentication (2FA) in favor of physical security keys (like YubiKey) significantly reduces the risk of remote account hijacking.
* Wallet Hygiene: Never connect a primary cryptocurrency wallet to an unfamiliar website, especially those promoted through social media posts—even if they appear to come from a verified account.
* Revoke Permissions: Users who believe they may have interacted with a malicious site should immediately use “revoke” tools to cancel any pending permissions granted to suspicious smart contracts.

As of this writing, SpaceX and Starlink have regained control of their respective accounts, and the fraudulent posts have been deleted. X has not released a formal statement regarding the specific vulnerability that allowed the accounts to be bypassed.

Related Posts

Leave a Comment