In theory, the more prominent the X account, the greater the potential return on the pump-and-dump, because many more people are likely to buy into the coin the scammer promotes. I tweet infrequently—mostly links to my articles—and have fewer than 2,800 followers, making me somewhat of an unlikely target. But I was valuable to the scammer for the likelihood that I am considered a trusted authority in my capacity as a crypto reporter.
“The greater exposure during the pump, the more likely it is that multiple inventors will buy into the messaging and buy into the eventual dump of the coin,” says John Powers, president at private investigation agency Hudson Intelligence.
X did not respond to a request for comment.
Though crypto coins have been used in pump-and-dump schemes for years, these maneuvers have become easier to execute with the arrival of memecoin launchpads, which allow anybody to create a coin instantly, at no cost. In my case, the scammer minted the WIRED-branded coin using Pump.Fun, by far the largest launchpad platform.
“A lot of coins are used for pump-and-dumps on Pump.Fun. And when [bad actors] combine a pump-and-dump with the hack of an X account, it’s potentially lucrative for them if executed correctly,” says Larratt.
“We continue to invest in making the platform safe for users,” said Pump.Fun spokesperson Troy Gravitt in a statement to WIRED. “When we find allegations of fraud, such as hacked X accounts shilling token scams, we’re able to delist those tokens from our front end to mitigate any threat they might pose to unsuspecting users.”
Despite the prevalence of memecoin rug pulls, investors continue to pile into coins. “A lot of the appreciation of value in memecoins occurs very early in the process, soon after launch,” says Powers. “There’s this chance you might get in at the right moment and make a killing … Timing is everything. The legitimacy of the offering is a secondary concern to many people it seems.”
I realized that my X account had been taken over on February 17, the day before the fraudulent WIRED coin was released. Have I Been Pwned, a service that lets people check whether their information has been exposed in data breaches and hacks, indicates that my X credentials had previously been distributed on a hacking forum, providing one possible explanation for my account having been compromised. Fatally, I had not put in place two-factor authentication, which meant that my password was all somebody needed to seize control of the account.
Because the scammer had swapped out my recovery email, I had to go through a longer, more arduous recovery process with X, which meant that I did not immediately regain my account. By the following morning, it was already too late. An analysis of transaction data shows that the person or group who hacked my X account created the WIRED token at 1:20 am UTC that morning.
When somebody creates a coin on Pump.Fun, they release one billion units into circulation and typically purchase some themselves at a nominal rate. In this case, the scammer snapped up around 5 percent of the total supply with the same crypto wallet used to issue the coin, then acquired more using two separate wallets immediately after trading began, according to analysis by Powers and Chainalysis. They used these secondary wallets to conceal the extent of their holdings from the investing public. “You can buy a certain amount of your own token. But if you buy a lot, nobody is going to buy in because it’s very suspicious,” says Larratt.
