Advertisement for 5fXBptIOLaA?si=-QAVpQnM0DVFw-al

Pump.fun hack: Scammers push fake governance token

Hackers took over Pump.fun’s X account, promoting a fraudulent token that briefly hit a $5M market cap.

By Joanna BuenconsejoFeb. 27th - 5pm

2 min read

Pump.fun memecoin platform was hacked to promote fake governance PUMP token — Alon Cohen, Pump.fun's co-founder, has confirmed the hack and urges traders to be careful. Photo: Wikimedia Commons / Thiscoin

On Wednesday, hackers seized control of Pump.fun’s official X account—using it to promote a fake $PUMP token.

They falsely claimed it was the platform’s “official governance” token, even including a scam contract address to boost credibility. To make the ploy more convincing, they lifted an image from Pump.fun's mobile app launch video and used it in the post.

The community quickly grew suspicious, with some warning that the account had been compromised. Alon Cohen, the platform's co-founder, later confirmed the hack and urged traders to be careful.

@pumpdotfun account has just been compromised. Please don’t interact
— alon (@a1lon9) February 26, 2025

Despite clear warnings and signs of manipulation, traders rushed in anyway. According to blockchain analytics firm Bubblemaps, the $PUMP token’s value briefly surged to a $5 million market cap before crashing.

The firm also reported that two clusters—or groups of wallet addresses—held over 60% of the token’s supply. While the token reached this peak, it's unclear how much investors collectively lost before its value collapsed.

60%+ is the supply held in 2 clustershttps://t.co/SKqYVtN9OB
— Bubblemaps (@bubblemaps) February 26, 2025

Crypto detective ZachXBT traced the hack to earlier attacks on Jupiter DAO and DogWifCoin’s X accounts. He noted that neither team was at fault and suggested social engineering may have played a role.

The Pump.fun team eventually regained control, stating: “The security protocols taken by the team to secure the X account were thorough, relied on industry best practices, and focused on minimizing the risk of such an event occurring.”

They also clarified: “Pump.fun or anyone affiliated with the brand (e.g., Alon Cohen) would NEVER post a CA, a wallet address, or anything of that sort.”

we've regained access to this account. Based on current information, the extent of the compromise was limited to this X account.

TL:DR: the security protocols taken by the team to secure the X account were thorough, relied on industry best-practices, and focused on minimizing…
— pump.fun (@pumpdotfun) February 26, 2025

While alarming, the hack was hardly unique. Crypto has long been a target of social media scams and million-dollar losses.

These incidents underscore the need for stronger defenses—like two-factor authentication (2FA), separate email setups, and vigilance against phishing. They also reinforce the importance of DYOR (do your own research) and thinking twice before acting, as X has become a hotspot for fraudulent endorsements.

As the crypto landscape evolves, so do the threats. Whether you're new or experienced, the message is clear: security isn’t optional—it’s essential.