Yesterday, Elon Musk and Sam Altman engaged in a fierce public dispute on X. Meanwhile, an opportunistic cryptocurrency syndicate quickly capitalized on this high-profile spectacle. The perpetrators successfully compromised the official social media accounts of SpaceX and Starlink. Subsequently, they utilized these trusted handles to amplify a malicious phishing token called $SCATMAN. A deceptive caricature account mimicking Altman originally launched this fraudulent token.
The Anatomy of the Catman Persona
The fraudulent entity adopted a highly peculiar visual identity. Specifically, they utilized a stylized, avian caricature of Sam Altman fashioned as an owl. Operating under the handle @SamCatman, the threat actors remarkably obtained an official SpaceX affiliate verification badge. Therefore, this badge strongly implies that the account originally belonged to SpaceX itself. The scammers weaponized the account by altering its handle and imagery while retaining its verified status.
‼️ BREAKING: The official SpaceX and Starlink accounts on X appear to have been compromised. According to multiple reports online, an account named "Sam Catman," carrying an official SpaceXAI-affiliated badge, posted a scam coin. The official SpaceX and Starlink accounts then… pic.twitter.com/eT6S8u91Zu
— International Cyber Digest (@IntCyberDigest) July 12, 2026
Following the takeover, the syndicate orchestrated a synchronized promotional campaign. They used the hijacked SpaceX and Starlink accounts to retweet the malicious @SamCatman dispatches, as noted in the security updates tracking the breach. Consequently, this deceptive endorsement lured unsuspecting cryptocurrency investors into purchasing the fraudulent token. Such malicious stratagems remain tragically common within the decentralized finance ecosystem. Ultimately, the orchestrators drain the liquidity pool once the valuation peaks, leaving investors entirely ruined.
Cryptic Vulnerabilities and Operational Security
Currently, the precise vector of this digital infiltration remains completely obscured. Historically, SpaceX‘s communication channels have frequently fallen prey to similar unauthorized takeovers. Attackers often exploit these platforms to broadcast deepfake videos of Elon Musk promoting speculative meme coins. Given this chronic exposure, administrators should have enforced stringent multi-factor authentication protocols. Indeed, robust multi-factor authentication typically neutralizes such credential compromises.
However, SpaceX accounts suffered another breach despite these clear historical warnings. This recurrence raises serious questions regarding the organization’s social media governance and security competence. Furthermore, this persistent vulnerability inflicts severe, irreversible financial losses upon their loyal followers. Naturally, SpaceX maintains a strict posture of non-compensation for the victims. As a result, defrauded users must bear the entire burden of their financial ruin alone.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.