Threat actors hijacked the verified SpaceX and Starlink X accounts to broadcast a fraudulent cryptocurrency giveaway scam to millions of digital followers.
In a highly disruptive security breach that exposes the persistent vulnerability of high-profile digital assets, an advanced cybercriminal entity successfully hijacked the primary public communication vectors of a dominant aerospace enterprise. Officially documented on Monday, July 13, 2026, the verified corporate accounts for both SpaceX and its satellite internet subsidiary, Starlink, were systematically compromised on the social media platform X. Moving with coordinated precision, the unauthorized actors weaponized the combined reach of these multi-million-follower accounts to launch an aggressive, real-time cryptocurrency drainer campaign. While corporate security teams managed to regain administrative control of the compromised profiles within a brief operational window, the incident has reignited intense debate regarding the adequacy of enterprise-grade credential security on consumer social networking platforms.
The technical mechanics of the digital assault materialized across the global social media landscape, explicitly targeting the primary algorithmic feeds of unsuspecting tech enthusiasts, space industry followers, and retail investors worldwide. During the active phase of the account takeover, the threat actors purged the standard corporate messaging history and replaced the official pinned content with highly deceptive promotional links. These malicious posts claimed that Elon Musk was launching a highly anticipated, proprietary cryptocurrency token to commemorate recent aerospace milestones. To maximize financial conversion rates, the scammers embedded malicious hyperlinks redirecting targets to external, look-alike phishing domains engineered to compromise browser-based web3 digital wallets, tricking users into signing malicious smart contracts that immediately drained their stored Ethereum and Solana tokens.
See Also: GitLab Ships Emergency Patches to Neutralize Eight Vulnerabilities in Code Ecosystems
The timing of this high-visibility hijacking intersects with a broader, highly sophisticated surge in automated brand impersonation fraud observed throughout the mid-2026 fiscal year. Cyberintelligence monitors note that the breach occurred just as global public interest in private spaceflight operations hit a seasonal peak, creating the perfect psychological baseline for a classic fear-of-missing-out (FOMO) social engineering loop. Historically, these threat syndicates leverage compromised verified accounts because the native “blue check” verification badges act as an implicit trust vector, successfully bypassing the natural skepticism of everyday web consumers who assume corporate accounts are backed by ironclad multi-factor authentication loops and dedicated internal security operations centers.
The core motivation driving these malicious entities to target SpaceX infrastructure centers entirely on financial extraction via high-yield digital asset theft. Because the valuation of secondary crypto tokens can be violently manipulated through artificial social media hype, capturing a brand with the global footprint of SpaceX allows hackers to orchestrate highly lucrative “rug pull” and wallet-draining schemes before traditional security systems can flag the destination domains as malicious. This specific attack profile underscores a major structural vulnerability for global corporations: despite spending billions of dollars hardening physical operational technology and internal server networks against state-sponsored infiltration, a single compromised social media session token or a targeted SIM-swap attack can instantly inflict massive reputational damage and jeopardize the financial security of a company’s customer ecosystem.

