ZachXBT investigation links Memecoin team to hacker attack on crypto influencer’s account

Last update:

May 27, 2024, 5:32 p.m. EDT
| 2 minutes reading time

A new investigation led by ZachXBT on May 27 accused the creators of a new memecoin of hacking the account of a crypto influencer, uncovering a complex scheme to manipulate cryptocurrency prices.

The investigation, conducted by pseudonymous blockchain investigator ZachXBT, uncovered that the team behind CAT, a Solana-based memecoin, hacked the Twitter account of crypto influencer Gigantic-Cassocked-Rebirth (GCR) on May 26. Their goal was to influence the prices of certain cryptocurrencies through fraudulent means.

According to investigation, crypto influencer GCR’s account was hacked by the Memecoin team

Late Sunday, popular crypto influencer Gigantic-Cassocked-Rebirth (GCR) was hacked on his X account (formerly Twitter).

1/ An investigation into how the @Sol ($CAT) Meme Coin Team is affiliated with the @GCRClassic Last night’s hack.

A few minutes before the hack, an address linked to them opened long positions on Hyperliquid worth $2.3 million in ORDI and $1 million in ETHFI.

Let’s dive in. pic.twitter.com/009BdPBfM1

— ZachXBT (@zachxbt) May 27, 2024

The hacker used GCR’s account to promote ORDI and Luna 2.0 tokens, causing brief price spikes. GCR later confirmed the crash and urged its followers to ignore any promotional content on its channels.

However, ZachXBT’s investigation revealed that the team behind the CAT memecoin orchestrated the hack. ZachXBT found that the scheme began with the coin’s launch on May 24, during which the team gained control of more than 63% of CAT’s supply. They then sold over $5 million worth of CAT and distributed the profits across multiple wallets. Further analysis showed that some funds flowed into Hyperliquid for trading.

6/ On May 26 at 17:55 UTC a hacker from @GCRClassic A compromised account posted that ORDI caused the price increase.

0x5e3 closes the long position from 17:56 UTC to 18:00 UTC with a profit of ~$34,000. pic.twitter.com/uYIayqM537

— ZachXBT (@zachxbt) May 27, 2024

Notably, prior to the hack, the perpetrators opened long positions worth $2.3 million on ORDI (ORDI) and $1 million on Ether.fi (ETHFI).

Following the hack, the price of ORDI briefly rose from around $40 to $44 before falling back to $40, with the scammer making a profit of around $34,000. Additionally, Luna 2.0 saw a brief 274% increase. A subsequent post was shared to boost ETHFI, but the market did not react as expected, resulting in a $3,500 loss for the attackers, who closed the position.

“Fraudsters have low IQs, as the horrific execution proves,” ZachXBT commented on the incident. “People are letting scammers scam them out of seven figures just for buying an expensive username and making mysterious posts. Stop giving meme coin callers a platform.”

It is unclear whether this group is behind other similar attacks on crypto influencers in recent days.

SIM swapping and bribery hacks on X celebrity accounts

According to ZachXBT’s findings, the breach was enabled by a SIM swapping attack, a method in which fraudsters trick a mobile operator into transferring the victim’s phone number to a SIM card controlled by the attacker.

GCR believes that someone at X.com may have been bribed to gain access to their account, leading to the security breach.

“I was informed two months ago by someone associated with Twitter that bribes had been paid to access my account, and I have since beefed up security,” GCR said. “But there is no security when X employees are taking money for admin access.”

GCR later confirmed the hack and asked followers to ignore all advertising posts.

Also late Sunday, Caitlyn Jenner, the reality TV star and Olympic athlete, announced the launch of its cryptocurrency tokenJENNER, via a post on her X account. The token was created using Solana’s memecoin platform pump.fun. As of Monday morning, JENNER had reached a market cap of $37 million.

In response to concerns about a hack, Jenner and her manager Sophia Hutchins posted videos on their X account to confirm the legitimacy of the memecoin. Despite these assurances, some users are still skeptical and suspect that the videos could be deepfakes.

Rapper Rich The Kid also prposted a memecoin, RICH, via a Pump.fun link in now-deleted X-posts. On Monday morning, Rich The Kid posted a video claiming that his X account had been hacked, resulting in unauthorized promotion of the RICH token.