Key Points
- Cybercriminals gained unauthorized access to SpaceXAI and Starlink X profiles to advertise a fraudulent cryptocurrency named SCATMAN
- The perpetrator created 10 trillion SCATMAN tokens and liquidated them for approximately $125,000 worth of Ethereum
- Blockchain analytics firm Lookonchain traced the stolen funds to two distinct wallet addresses
- The fraudulent posts were deleted from both compromised accounts soon after detection
- This incident represents another example in a growing trend of social media account takeovers used for rapid cryptocurrency scams
Cybercriminals successfully infiltrated the SpaceXAI and Starlink social media profiles on X, leveraging them to advertise a fraudulent cryptocurrency token named SCATMAN. The perpetrators managed to extract approximately $125,000 in Ethereum before the malicious posts were discovered and removed.
Breaking Down the SCATMAN Cryptocurrency Fraud
Blockchain monitoring service Lookonchain detected the fraudulent operation and successfully tracked the misappropriated funds to two separate cryptocurrency wallets.
The cybercriminal generated 10 trillion SCATMAN tokens from scratch. Following creation, they liquidated the complete supply in exchange for 59 Ethereum, valued at approximately $108,000.
A secondary wallet traced to the identical perpetrator liquidated an additional 59.28 million SCATMAN tokens for 14.7 Ethereum, contributing roughly $27,000 to the overall proceeds.
Together, both wallets generated just shy of $125,000 in total. Lookonchain made both wallet addresses available to the public.
Images spread across social platforms appeared to show the SpaceXAI and Starlink profiles sharing content from the SCATMAN account. BeInCrypto was unable to independently confirm these allegations.
When the incident became public knowledge, the suspicious reposts had already been removed from both profiles. BeInCrypto attempted to contact SpaceX for an official statement but received no response before publication.
Recurring Theme of Social Media Account Exploitation
This incident is far from unique. Compromised social media profiles have increasingly become the preferred method for executing rapid cryptocurrency scams.
Fraudsters specifically pursue accounts with substantial follower bases because the inherited trust factor encourages immediate investments before potential victims recognize the token’s illegitimacy.
During February 2025, cybercriminals compromised Pump.fun’s X profile to advertise a counterfeit token called PUMP. A single wallet address generated more than $135,000 within 60 seconds.
The X account belonging to former Malaysian Prime Minister Mahathir Mohamad fell victim to a similar breach that promoted a fraudulent token. That particular operation caused $1.7 million in investor losses.
Myanmar’s military leadership and World Liberty Financial co-founder Zach Witkoff experienced comparable attacks during the same period.
The methodology remains virtually identical in every instance. A reputable account gets compromised, a token launches rapidly, and the criminal liquidates holdings before the legitimate account owner recovers access.
The SpaceXAI and Starlink profiles carry significant brand recognition connected to Elon Musk, positioning them as premium targets for such fraudulent operations.
The SCATMAN scam was executed with remarkable speed, and Lookonchain has publicly exposed the perpetrator’s wallet addresses.
At publication time, neither SpaceX nor Starlink had issued any official commentary regarding the security breach.


