Pump.fun hack: Scammers push fake governance token
Hackers took over Pump.fun’s X account, promoting a fraudulent token that briefly hit a $5M market cap.

On Wednesday, hackers seized control of Pump.fun’s official X account—using it to promote a fake $PUMP token.
They falsely claimed it was the platform’s “official governance” token, even including a scam contract address to boost credibility. To make the ploy more convincing, they lifted an image from Pump.fun's mobile app launch video and used it in the post.
The community quickly grew suspicious, with some warning that the account had been compromised. Alon Cohen, the platform's co-founder, later confirmed the hack and urged traders to be careful.
@pumpdotfun account has just been compromised. Please don’t interact
— alon (@a1lon9) February 26, 2025
Despite clear warnings and signs of manipulation, traders rushed in anyway. According to blockchain analytics firm Bubblemaps, the $PUMP token’s value briefly surged to a $5 million market cap before crashing.
The firm also reported that two clusters—or groups of wallet addresses—held over 60% of the token’s supply. While the token reached this peak, it's unclear how much investors collectively lost before its value collapsed.
60%+ is the supply held in 2 clustershttps://t.co/SKqYVtN9OB
— Bubblemaps (@bubblemaps) February 26, 2025
Crypto detective ZachXBT traced the hack to earlier attacks on Jupiter DAO and DogWifCoin’s X accounts. He noted that neither team was at fault and suggested social engineering may have played a role.
The Pump.fun team eventually regained control, stating: “The security protocols taken by the team to secure the X account were thorough, relied on industry best practices, and focused on minimizing the risk of such an event occurring.”
They also clarified: “Pump.fun or anyone affiliated with the brand (e.g., Alon Cohen) would NEVER post a CA, a wallet address, or anything of that sort.”
we've regained access to this account. Based on current information, the extent of the compromise was limited to this X account.
— pump.fun (@pumpdotfun) February 26, 2025
TL:DR: the security protocols taken by the team to secure the X account were thorough, relied on industry best-practices, and focused on minimizing…
While alarming, the hack was hardly unique. Crypto has long been a target of social media scams and million-dollar losses.
These incidents underscore the need for stronger defenses—like two-factor authentication (2FA), separate email setups, and vigilance against phishing. They also reinforce the importance of DYOR (do your own research) and thinking twice before acting, as X has become a hotspot for fraudulent endorsements.
As the crypto landscape evolves, so do the threats. Whether you're new or experienced, the message is clear: security isn’t optional—it’s essential.