On July 13, 2026, an unidentified hacker silently opened two high-profile yet vulnerable doors—official X accounts @SpaceXAI and @Starlink were successively attacked. Within just a few hours, the hacker leveraged the accounts to issue and hype a token named $SCATMAN. According to Lookonchain data, he minted a total of 100 trillion tokens on-chain and then sold all of them, exchanging them for 59 ETH, approximately $108,000; meanwhile, another wallet address controlled by the hacker profited 14.7 ETH through the same series of operations, which was reported by several Chinese crypto media outlets that subsequently cited this on-chain tracking result. This script of “account hijacking to issue tokens” is not uncommon in the crypto world, but it stands out because the targets were high-profile brand accounts like SpaceXAI and Starlink, clearly exposing a reality: when social media accounts become gateways for token issuance and narratives, any security vulnerability could be magnified into real monetary losses on-chain. Only by placing equal importance on account protection and on-chain path tracking can market participants add a necessary line of defense against such scams.
SpaceXAI and Starlink Accounts as Entry Points for Scams
In the incident on July 13, the first door that was pried open was not the on-chain contract but the social media entry point. According to Lookonchain, the unidentified hacker first gained control of the official X accounts @SpaceXAI and @Starlink, brand accounts that should have represented aerospace technology narratives, which were immediately transformed into showcases for the token named $SCATMAN. The hacker issued and promoted this token under the guise of the “official account,” making anyone who saw the timeline encounter token issuance information that appeared to be endorsed by a well-known brand at first glance.
This kind of high-profile account being hijacked to promote tokens is not a novel path in the cryptocurrency industry. Ordinary users naturally lower their guard when they see the words “official” or “brand,” viewing it as a somewhat authoritative release, and may instinctively assume, “This is a new token from the project team,” thus neglecting basic verification of the token itself and the on-chain path. The simultaneous control of SpaceXAI and Starlink is a classic script highlighting “celebrity/brand accounts being hijacked to issue tokens,” and reiterates that every token promotion seen on social platforms must first be treated as a potential scam and cannot be blindly trusted just because the avatar and name seem familiar.
100 Trillion SCATMAN: A Game of High Supply and Foolery
According to on-chain tracking from Lookonchain, after the hacker took over the SpaceXAI and Starlink accounts, he directly minted 100 trillion $SCATMAN tokens on-chain, all of which were actually in the hands of a single party. Such a high issuance volume implies that the nominal price of a single token can be driven down to a very low range, combined with the hijacked “official account endorsement”; it easily creates the illusion that with little capital, one can buy “hundreds of millions or billions of tokens.” As soon as the price fluctuates slightly, it appears to be a multiplication story full of imagination.
However, from the on-chain results, this story had its ending written from the start. According to Lookonchain data, the hacker later sold all 100 trillion $SCATMAN tokens controlled by himself, exchanging them for 59 ETH, approximately $108,000. Another wallet address controlled by the hacker also gained an additional profit of 14.7 ETH, which was reported by several Chinese media outlets. In this design, the high supply merely serves as a psychological bait; the true core is to let retail investors act as buyers under the illusion of “low unit price, massive tokens,” while the hacker clears out the tokens and cashes out in ETH within a short period—this is a standardized, templated quick harvesting scheme.
59 ETH Withdrawn: On-Chain Restoration of Hacker’s Cashing Out
Looking back on-chain, the closed-loop of this scam is clearly visible: according to Lookonchain tracking, the hacker first minted exactly 100 trillion $SCATMAN tokens at one address, concentrating all tokens in one hand. Subsequently, this address threw all the tokens onto the market, gradually exchanging them for ETH, and the final 59 ETH stopped at the hacker's controlled wallet. Several Chinese media outlets cited this number and calculated a profit of approximately $108,000. The process of 100 trillion tokens going from “appearing out of thin air” to “clearing out for cash” was documented at every step in the on-chain ledger, with no transactions concealed or erased.
More alarmingly, according to Lookonchain, another wallet address controlled by the hacker also gained an additional profit of 14.7 ETH during the related operations, but current public information does not reveal whether there is a deeper financial handling or division of labor relationship between the two. The details of the entire event almost entirely rely on Lookonchain's continuous tracking and disclosure of the related addresses and transactions. It is precisely these kinds of on-chain analysis tools that translated the “hacker script” that originally existed only in codes and transaction hashes into a visually readable evidence chain.
Why Celebrity Account Token Scams Keep Succeeding
Putting the attack on SpaceXAI and Starlink into a larger perspective, it is almost a replica of the classic script of “account hijacking to issue tokens”: prior to July 13, 2026, there had already been multiple instances in the crypto industry where high-profile social media accounts were seized, followed by similar scams claiming to offer a “brand new token” or “internal opportunity.” This time, the hacker simultaneously seized two highly interconnected official X accounts and leveraged them to issue and promote $SCATMAN. The narrative was naturally packaged as “official collaboration” and “brand endorsement,” and to those familiar with this routine, all steps appeared extremely standard. As for whether he obtained login credentials through password leakage, historical data breaches, phishing, or social engineering, current public information has not provided an answer, and these paths can only be discussed as possibilities, not as established technical details.
The deeper structural issue lies in the fact that control over social media accounts is highly centralized, yet carries the “official voice” of entire projects or even brands. Once a single point is breached, the hacker effectively takes over all external discourse authority. According to publicly available research materials, the reason such incidents are not uncommon is not only due to insufficient account security measures on the platform side but also because users’ inherent trust in “official accounts” is almost defenseless—seeing familiar avatars, certification marks, and past content, many default to believing the information is true and reliable, without checking the contract addresses or cross-verifying the source of the announcements. Under this trust structure, as long as an attacker obtains account control within a short period, scams like $SCATMAN have a sufficient window to complete their closed-loop from token creation to sales.
Learning to Identify Social Media Traps from the SCATMAN Case
The SCATMAN case provides the most direct warning to crypto investors: even official accounts of the level of @SpaceXAI and @Starlink can be hijacked in a short time and turned into “coin recommendation accounts,” and the signals behind such occurrences are often merely exits designed by some anonymous attacker to exchange for profits of 59 ETH, 14.7 ETH, rather than any genuine intentions of a project or platform. When faced with the scenario of “official accounts suddenly issuing new coins,” the rational default option should be skepticism rather than impulse: at the very least, cross-verify whether there are simultaneous announcements from multiple parties, check if the contract address has prior deployment or interaction records, and confirm whether the project has traceable long-term external information, code, or documentation, instead of easily placing orders based solely on a post with high shares. The on-chain review of SCATMAN shows that on-chain analysis platforms like Lookonchain played a key role in retrospectively tracking the hacker’s minting of 100 trillion tokens and their full sell-off, also reminding us that we can be more proactive in treating on-chain monitoring as a “secondary verification” tool in the future, using signals like abnormally large token minting, concentrated holdings, and rapid sell-offs to assist in judging the credibility of new coin promotions on social media. On the other hand, there is currently no public information on how SpaceXAI and Starlink will respond or enhance account security; whether the platform will implement stricter login protections, alerts for logins from different locations, and whether on-chain monitoring tools can be moved to preemptive warnings rather than post-incident reviews will all be variables worth observing in the future. Whether these variables can mitigate risk exposure in “official token promotion” scenarios will determine who presses the stop-loss key first in the next similar event.
Join our community, let’s discuss and become stronger together!
AiCoin exclusive Hyperliquid benefits: https://app.hyperliquid.xyz/join/AICOIN88
AiCoin exclusive Aster benefits: https://www.asterdex.com/zh-CN/referral/9C50e2
On-chain Telegram community: https://t.me/AiCoinWhaleData
On-chain community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin on-chain Twitter: https://x.com/aicoinwhaledata
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。




