The cryptocurrency industry has faced a fresh wave of security breaches, with two major incidents showing the ongoing risks associated with digital asset platforms. The official X account of Pump.fun was compromised on Feb. 26, leading to the promotion of a fake governance token, while forensic investigations into the recent Bybit exploit revealed that North Korea’s Lazarus Group was behind the $1.4 billion hack—the largest in crypto history.
Pump.fun X Account Hacked to Promote Fake "PUMP" Token: Latest in a Wave of Crypto Scams
The official X account of Pump.fun, a prominent launchpad for meme coins, was compromised on Feb. 26, 2025, leading to the promotion of a fraudulent governance token called “PUMP” and other deceptive cryptocurrencies. This breach is part of an ongoing trend of social media hacks targeting the crypto community, further highlighting the growing cybersecurity crisis in the industry.
Shortly after the account was taken over, well-known blockchain investigator ZackXBT issued a warning to the crypto community, urging users to avoid engaging with any links shared by the hacked Pump.fun account.
According to ZackXBT’s on-chain analysis, this incident appears to be directly linked to the February 2025 hack of the Jupiter DAO account and the DogWifCoin X account breach in November 2024. The investigator also emphasized that these breaches were not due to any fault of the teams behind these projects but rather part of a larger pattern of targeted social engineering attacks on high-profile crypto entities.
The attackers used the compromised Pump.fun account to post a message promoting a fraudulent "governance token", promising rewards for early adopters in an attempt to lure in unsuspecting users.
The Pump.fun team has since acknowledged the breach and is actively working to regain control of the account.
In a statement shared via their official Telegram channel, the team reassured users that they were not behind the promotion of the fake token and warned against interacting with any posts related to "PUMP."
This latest security incident adds to a growing list of social media hacks that have exploited major crypto platforms and figures to push scam tokens. It comes shortly after the record-breaking $1.4 billion Bybit hack, the largest single crypto hack in history, which has amplified concerns over the security of Web3 platforms and social media-integrated crypto marketing.
The Pump.fun hack is just one of several incidents where bad actors have seized control of influential accounts to promote fraudulent tokens. Recent high-profile cases include:
Argentine President Javier Milei’s promotion of the LIBRA token in a now-deleted X post on Feb. 14, 2025. The token was initially marketed as a project to inject liquidity into startups and small businesses in Argentina. However, Milei later distanced himself from the project, leading to a $107-million rug pull. The fallout has been described as an international scandal.
The Bermuda Premier David Burt’s X account was hacked on the same day to promote a fraudulent token called “Bermuda National Coin”. Following the posts, multiple fake "Bermuda National Coin" meme coins were created on Pump.fun, exploiting the situation. Premier Burt called out Elon Musk and the X team, questioning how the scammer managed to obtain a gray checkmark verification, which is typically reserved for government officials.
The growing trend of high-profile figures and crypto platforms falling victim to social media-driven crypto scams has raised alarms among industry experts. Venture capitalist Nic Carter weighed in on the issue, arguing that the meme coin market may be reaching its breaking point.
These developments are reigniting discussions about the lack of robust security measures on social media platforms, as well as the ease with which hackers can impersonate reputable figures to manipulate crypto markets.
The Future of Crypto Cybersecurity: Industry at a Crossroads
The recent hacks shed light on a critical need for better security in the crypto industry, particularly in the intersection of social media and decentralized finance (DeFi). With billions of dollars at stake and an increasing number of fraudulent projects appearing, users and platforms alike must prioritize cybersecurity measures.
Security experts recommend the following precautions for crypto firms and investors:
Enable multi-factor authentication (MFA) on all accounts.
Avoid clicking on suspicious links or engaging with posts promoting new tokens from compromised accounts.
Verify official announcements through multiple trusted sources before making investment decisions.
Report suspected scams to social media platforms and blockchain security firms.
As the Pump.fun team works to restore its X account and clean up the damage caused by the hack, this incident serves as another stark reminder of the vulnerabilities that exist in the crypto ecosystem. With cyberattacks becoming increasingly sophisticated, the battle between security and exploitation continues, leaving crypto investors and projects at constant risk.
Forensic Investigations Reveal Lazarus Group Behind $1.4 Billion Bybit Hack
In related news, a series of forensic investigations into the largest crypto hack in history has confirmed that North Korea’s Lazarus Group was behind the $1.4 billion exploit of Bybit. The attack, which took place on Feb. 21, 2025, was facilitated by compromised SafeWallet credentials, allowing hackers to infiltrate the exchange’s infrastructure and execute a devastating security breach.
On Feb. 26, 2025, Bybit released an official statement confirming the findings of forensic cybersecurity firms Sygnia and Verichains. Their reports concluded that the attack was enabled by stolen credentials belonging to a Safe developer, which granted unauthorized access to SafeWallet’s infrastructure.
The attack was initiated through malicious JavaScript code injected into SafeWallet’s Amazon Web Services (AWS) infrastructure. This manipulated the signing process, deceiving security protocols into approving fraudulent transactions.
Following the attack, the SafeWallet team worked swiftly to mitigate further risks by:
Rebuilding and reconfiguring all infrastructure
Rotating all security credentials
Implementing additional security measures to close the attack vector
Despite the scale of the breach, both forensic experts and SafeWallet developers confirmed that Bybit’s core infrastructure remained uncompromised.
The Bybit exploit surpassed all previous crypto breaches, eclipsing the Ronin Network attack ($625M) in 2022 and the Poly Network heist ($610M) in 2021. The stolen funds primarily consisted of liquid-staked Ether (stETH), valued at approximately $2,314 per token at the time of the attack.
According to Cyvers data, the Bybit hack accounted for more than 60% of all stolen crypto funds in 2024, making it the most significant security incident in the industry’s history.
Despite the severity of the breach, Bybit acted swiftly to replenish user assets, ensuring that operations continued without major disruptions. The exchange secured funds through a combination of loans, asset purchases, and large holder deposits to cover the lost assets.
Bybit CEO Ben Zhou confirmed that the exchange borrowed 40,000 ETH from Bitget to meet withdrawal demands immediately after the attack. The loan has since been fully repaid, allowing Bybit to restore 100% full backing of client assets.
The aftermath of the Bybit hack had immediate consequences for the broader cryptocurrency market. The exploit triggered a sharp decline in the price of Ether, with panic selling intensifying volatility across major digital assets.
The incident has also sparked renewed concerns over crypto security, particularly regarding custodial risks and third-party infrastructure vulnerabilities. Industry analysts warn that exchanges must reinforce security measures to prevent similar breaches in the future.
North Korea’s Lazarus Group: The Cybercrime Giant
The attack on Bybit is the latest in a string of high-profile crypto hacks linked to the Lazarus Group, a North Korean state-backed hacking collective known for its sophisticated cyber warfare tactics.
According to blockchain intelligence firm Elliptic, Lazarus Group has been responsible for billions of dollars in crypto thefts over the past five years, using stolen funds to finance North Korea’s nuclear and ballistic missile programs.
Lazarus has previously been tied to:
The $625M Ronin Bridge hack (March 2022)
The $100M Harmony Bridge hack (June 2022)
The $41M Stake.com hack (September 2023)
The $55M CoinEx hack (September 2023)
Bybit’s exploit now ranks as the largest heist orchestrated by the Lazarus Group, raising concerns about the group’s evolving cyber capabilities and the persistent threat to the cryptocurrency industry.
As the Bybit incident shows the vulnerabilities within third-party wallet providers, security experts are calling for stronger measures to prevent similar attacks, including:
Mandatory multi-signature authentication for high-value transactions
Enhanced security audits for wallet infrastructure
Decentralized security frameworks to reduce reliance on centralized access points
Real-time threat monitoring and AI-based anomaly detection systems
The Bybit hack serves as a wake-up call for exchanges, investors, and the broader crypto ecosystem. With state-sponsored hacking groups targeting high-value platforms, the industry must adapt to fortify its defenses and prevent further billion-dollar breaches.
