Hackers recently seized control of McDonald’s Instagram account, altering its bio to falsely claim the fast-food giant had secured $700,000 through fraudulent activities.
The breach on August 21 saw the account’s bio used to promote a fictitious cryptocurrency called ‘Grimace.’
Crypto hackers, who have increasingly targeted prominent brands and celebrities on social media, used the opportunity to exploit McDonald’s 5.1 million followers.
Blockchain analytics firm Bubblemaps revealed that the breach involved controlling 75% of Grimace’s token supply via the Solana meme coin deployer, Pump. Fun.
The hacker acquired Grimace tokens using multiple wallets and distributed them to approximately 100 addresses before selling them, ultimately netting $700,000.
Screenshots of the compromised Instagram account, shared on X (formerly Twitter), showed that the hackers falsely claimed the Grimace memecoin was part of a McDonald’s experiment on the Solana blockchain.
They also promised to follow back users who held Grimace tokens. This led to a dramatic increase in the Grimace market cap, which surged to $25 million before the issue was resolved.
The bio of the hacked account also featured a message attributing the scam to a group named ‘India_X_kr3w,’ with a thank you note for the $700,000 in Solana.
This reference, combined with an Indian flag emoji, led some to speculate the hacker might be from India.
However, no one from India has claimed responsibility for the attack, leaving the hacker’s true origin unknown.
McDonald’s has since regained control of its Instagram account, removed the fraudulent posts, and restored the original bio.
Following the hack, the price of Grimace has plummeted to $0.0003752.
A recent report by Web3 bug bounty platform Immunefi highlighted a surge in crypto scams, noting a 91 percent increase in such incidents during Q2 2024 compared to the same period in 2023.
The crypto industry reportedly lost $509 million to fraud and scams in the second quarter of 2024.