McDonald's Instagram Hacked to Shill Memecoin on Solana

On August 21, a group of hackers attacked McDonald's Instagram page to promote and conduct a rug pull of memecoin GRIMACE on Solana, causing a loss of $700,000.

On the evening of August 21, the official McDonald's Instagram account with more than 5 million followers was hacked by bad guys, then used to "shill" memecoin GRIMACE based on the chain's mascot.

The hackers took advantage of McDonald's Instagram account to share the wallet address of memecoin GRIMACE, and announced to millions of followers: "This is a completely new test of McDonald's on Solana."

Not stopping there, the scammer also attacked the X account of McDonald's Chief Marketing Officer (CMO) Guillaume Huin, posting a post related to the GRIMACE memecoin to link to the previous scam post on Instagram to add more credibility to this token.

The post from Guillaume Huin's account read:

"If you are holding $GRIMACE tokens, leave your Instagram account below. We will follow you from the official McDonald's page. Sincerely thank everyone for your great support for Grimace!"

Immediately, the community jumped into the FOMO fever with the GRIMACE memecoin. Within just 30 minutes, more than 205 transactions were made, pushing the capitalization to skyrocket 195,000%, from $102,900 to more than $25 million. However, the token value quickly split more than 40 times, dropping to around $500,000 in market capitalization after the hackers performed a rug pull, dumping all of their tokens and earning around $700,000 in profits.

According to data from Bubblemaps, the hackers took advantage of the memecoin issuance platform pump.fun to launch the GRIMACE token, holding up to 75% of the total supply. The group then distributed the tokens to around 100 different wallets to easily execute the rug pull plan, leading to the token's rapid collapse.

After the attack, the hacker group calling themselves "India X Kr3w" from India changed the bio of the McDonald's Instagram account, boasting about their "achievements" and revealing that they had earned $700,000 from this scam. The hackers wrote in their bio:

"Sorry, you just got scammed by India X Kr3w, thanks for the $700,000 on Solana."

The group also shared a link to the Telegram group, but only to post a music video for the song "Blue Bentley," in which the lyrics repeatedly praise "cashing out" – a reference to the appropriation of profits from the audacious scam.

The hack has put McDonald's at the center of criticism for its security flaws in managing its social media accounts. It took McDonald's more than an hour to regain control of the account and delete all GRIMACE-related posts on Instagram. However, in that short period of time, thousands of crypto investors rushed to trade GRIMACE in hopes of making a profit, resulting in more than $700,000 in losses for those unlucky enough to do so.

McDonald's later told the New York Post that it was aware of the "incident" affecting its social media accounts and quickly addressed the issue. McDonald's said:

"We have since fixed the situation on these accounts and apologize to our followers for any inappropriate language that occurred during that time."

The attack could have a negative impact on the blockchain projects McDonald's is developing. Previously in 2022, McDonald's began to step into the metaverse by registering to open a virtual restaurant or in 2023, the company launched the Grimace NFT collection, giving owners of this NFT a VIP status in the metaverse world that this food chain built.

The McDonald's incident once again raised concerns in the community when the wave of attacks on social media accounts of famous KOLs to promote memecoin on Solana continued to spread. Previously, the X accounts of large organizations such as Frax Finance, Trezor and even MicroStrategy, SEC and Vitalik Buterin were also hacked, causing significant damage to followers in a scenario similar to the way hackers took over McDonald's Instagram.

It seems that pump.fun has set a dangerous precedent for hackers who want to profit from users by issuing memecoins and attacking social media accounts of large organizations to promote fraudulent tokens.

Recent statistics show that, of the 16,300 tokens issued within 24 hours on pump.fun, only 175 tokens are eligible for trading on Raydium and only 19 tokens have a market capitalization of over $69,000. The majority of the remaining tokens appear to be created solely to serve "pump-dump" and rug pull schemes, causing many investors to fall into the scam trap.