Key Takeaways
- Cybercriminals gained unauthorized access to SpaceXAI and Starlink X profiles to advertise a fraudulent cryptocurrency named SCATMAN
- The perpetrator created 10 trillion SCATMAN tokens and liquidated them for approximately $125,000 worth of Ethereum
- Blockchain monitoring service Lookonchain discovered two cryptocurrency wallets associated with the cybercriminal
- Both compromised accounts had the fraudulent content deleted shortly after detection
- This incident represents the latest in a growing trend of compromised social accounts facilitating rapid cryptocurrency scams
Cybercriminals successfully infiltrated the SpaceXAI and Starlink profiles on X, leveraging them to advertise a fraudulent cryptocurrency called SCATMAN. The perpetrators escaped with approximately $125,000 worth of Ethereum before the malicious posts were discovered and removed.
Breaking Down the SCATMAN Cryptocurrency Scheme
Blockchain analytics firm Lookonchain detected the fraudulent activity and successfully tracked the misappropriated cryptocurrency to two distinct digital wallets.
The cybercriminal generated 10 trillion SCATMAN tokens from scratch. The perpetrator then liquidated the complete token supply in exchange for 59 Ethereum, valued at approximately $108,000.
A secondary wallet tied to the identical perpetrator offloaded an additional 59.28 million SCATMAN tokens in exchange for 14.7 Ethereum, contributing roughly $27,000 to the overall proceeds.
Together, both cryptocurrency wallets accumulated just below $125,000. Lookonchain made both wallet identifiers available to the public.
Social media users shared screenshots depicting the SpaceXAI and Starlink profiles seemingly resharing posts from the SCATMAN profile. BeInCrypto was unable to independently confirm these allegations.
When the incident became public knowledge, the reshared content had already been removed from both profiles. BeInCrypto contacted SpaceX for commentary but received no reply before publication.
Recurring Trend of Social Media Account Compromises
This represents far from an unprecedented occurrence. Compromised social media profiles have evolved into a preferred mechanism for executing swift cryptocurrency scams.
Fraudsters specifically pursue accounts with substantial audiences because the inherited legitimacy generates immediate token purchases before investors discover the cryptocurrency’s fraudulent nature.
During February 2025, cybercriminals seized control of Pump.fun’s X profile to distribute a counterfeit token labeled PUMP. A single cryptocurrency wallet generated over $135,000 within 60 seconds.
Former Malaysian leader Mahathir Mohamad’s profile also fell victim to exploitation for token promotion purposes. That particular scheme generated $1.7 million in investor damages.
Myanmar’s military leadership and World Liberty Financial executive Zach Witkoff experienced comparable incidents during that same period.
The operational methodology remains identical throughout each occurrence. A reputable account undergoes compromise, a cryptocurrency token launches immediately, and the perpetrator liquidates holdings before legitimate account control is restored.
The SpaceXAI and Starlink profiles possess substantial brand recognition connected to Elon Musk, positioning them as premium targets for this category of fraudulent activity.
The SCATMAN cryptocurrency scam was executed swiftly, and Lookonchain has publicly exposed the perpetrator’s wallet addresses.
At publication time, neither SpaceX nor Starlink had issued official statements regarding the security breach.



