Key Takeaways:
- Hackers compromised SpaceXAI and Starlink X accounts to promote SCATMAN
- Attacker minted 10 trillion tokens and sold for 73.7 ETH ($125,000)
- Lookonchain traced stolen funds across two flagged phishing wallets
Key Takeaways:

Hackers seized control of SpaceXAI and Starlink accounts on X to promote a fraudulent SCATMAN token, netting $125,000 in Ethereum.
"Lookonchain traced the stolen funds across two wallets linked to the same attacker," the on-chain analytics platform said in a post.
The attacker minted 10 trillion SCATMAN tokens and sold the entire supply for 59 ETH, worth about $108,000. A second wallet sold an additional 59.28 million tokens for 14.7 ETH, valued at roughly $27,000, bringing total proceeds to about 73.7 ETH.
The scheme follows a recurring pattern in which attackers weaponize trusted social accounts for fast token launches and quick sell-offs before platforms regain control. Similar breaches hit Pump.fun's X account in February 2025, netting $135,000, and former Malaysian Prime Minister Mahathir Mohamad's account, which stole $1.7 million.
The malicious posts were no longer visible on the SpaceXAI and Starlink accounts as of press time. BeInCrypto could not independently verify the account compromises and has reached out to SpaceX for comment.
Lookonchain identified two Ethereum addresses tied to the attacker: 0xfee50d4ce48f2d05f520ce04c875647e4870a8ba and 0xdd9f6d3e16ebda7f35cb694ceadb50af3eebba89. The wallets followed a pattern common in laundering chains, moving funds through temporary addresses to obscure the trail.
Each incident follows the same playbook: a breach, a fast token launch, and a rapid sell-off before the platform regains control. The SCATMAN case adds to a growing list of high-profile account takeovers aimed at promoting fraudulent tokens, raising questions about X's security protocols for verified accounts.
This article is for informational purposes only and does not constitute investment advice.