Before I was fully awake, still fog-headed and bleary-eyed after my alarm, I could already tell that something was wrong. It was 7:30 am on a frosty February morning, and my phone was already lit up with notifications. As my eyes adjusted to the light, I started to read.
“Congratulations, you’ve just scammed the wrong person,” read one message delivered to my personal Telegram account by an anonymous sender. “You have 10 minutes to refund the $2.8K you stole from me.” They appended a cryptocurrency wallet address.
Bewildered, I rifled through my messages, emails, and social media accounts. The situation quickly became clear: Somebody had gained access to my X account and used it to promote a fraudulent WIRED-branded crypto coin. As people purchased the coin and the price began to rise, the scammer sold their stash, wiping out investors. The people who lost money were pissed.
On X, I discovered a barrage of colorful abuse directed at my account, including a variety of racial slurs lobbed by individuals with a limited grasp of world geography. “I’m surprised people don’t come to your work and smash you up maggot,” one X user wrote. “You long nose, thin pussy lips lip having ass bitch,” another person called me. “I hope a car crashes n2 [sic] you,” said somebody else.
Other users tried to report my supposed misconduct to my employer: “Your man out here stealing money [sic],” one person wrote on X, tagging the main WIRED account.
Though unpleasant, few of the messages were directly menacing, with the exception of those from the anonymous Telegram user. “im [sic] scraping extensive information on you, including your address, relatives, friends from [my alma mater] UCL and more,” they said. “I will make sure your life is hell if i dont [sic] receive my refund.”
By 9 am, I was still taking refuge in bed, my laptop resting on outstretched legs. I contacted my editor, managers, and security personnel at WIRED to explain what had happened—and to ask for help. I messaged my partner too. She responded, “Oh fuuuuuck!!!”
Commonly described as either rug pulls or pump-and-dumps, crypto investment scams of this sort take place all the time. I just never imagined that I might become ensnared in one myself.
“This is a very common attack. The purpose is to do a simple pump-and-dump—to get the cash out,” says Phil Larratt, director of investigations at Chainalysis, a blockchain analytics company that helped WIRED to analyze the mechanics of the scam. “To do that, they have to have some visibility; that’s why they hacked your account.”
This year alone, the X accounts of various public figures have been compromised in aid of crypto pump-and-dump schemes. Profiles belonging to a BBC journalist, politicians from the UK and Argentina, and a former vice president of the Philippines have all been used to promote fraudulent coins. Previously, accounts belonging to Joe Biden, Barack Obama, Bill Gates and Kanye West have all been hijacked for similar crypto-flavored scams.
In theory, the more prominent the X account, the greater the potential return on the pump-and-dump, because many more people are likely to buy into the coin the scammer promotes. I tweet infrequently—mostly links to my articles—and have fewer than 2,800 followers, making me somewhat of an unlikely target. But I was valuable to the scammer for the likelihood that I am considered a trusted authority in my capacity as a crypto reporter.
“The greater exposure during the pump, the more likely it is that multiple inventors will buy into the messaging and buy into the eventual dump of the coin,” says John Powers, president at private investigation agency Hudson Intelligence.
X did not respond to a request for comment.
Though crypto coins have been used in pump-and-dump schemes for years, these maneuvers have become easier to execute with the arrival of memecoin launchpads, which allow anybody to create a coin instantly, at no cost. In my case, the scammer minted the WIRED-branded coin using Pump.Fun, by far the largest launchpad platform.
“A lot of coins are used for pump-and-dumps on Pump.Fun. And when [bad actors] combine a pump-and-dump with the hack of an X account, it’s potentially lucrative for them if executed correctly,” says Larratt.
“We continue to invest in making the platform safe for users,” said Pump.Fun spokesperson Troy Gravitt in a statement to WIRED. “When we find allegations of fraud, such as hacked X accounts shilling token scams, we’re able to delist those tokens from our front end to mitigate any threat they might pose to unsuspecting users.”
Despite the prevalence of memecoin rug pulls, investors continue to pile into coins. “A lot of the appreciation of value in memecoins occurs very early in the process, soon after launch,” says Powers. “There’s this chance you might get in at the right moment and make a killing … Timing is everything. The legitimacy of the offering is a secondary concern to many people it seems.”
I realized that my X account had been taken over on February 17, the day before the fraudulent WIRED coin was released. Have I Been Pwned, a service that lets people check whether their information has been exposed in data breaches and hacks, indicates that my X credentials had previously been distributed on a hacking forum, providing one possible explanation for my account having been compromised. Fatally, I had not put in place two-factor authentication, which meant that my password was all somebody needed to seize control of the account.
Because the scammer had swapped out my recovery email, I had to go through a longer, more arduous recovery process with X, which meant that I did not immediately regain my account. By the following morning, it was already too late. An analysis of transaction data shows that the person or group who hacked my X account created the WIRED token at 1:20 am UTC that morning.
When somebody creates a coin on Pump.Fun, they release one billion units into circulation and typically purchase some themselves at a nominal rate. In this case, the scammer snapped up around 5 percent of the total supply with the same crypto wallet used to issue the coin, then acquired more using two separate wallets immediately after trading began, according to analysis by Powers and Chainalysis. They used these secondary wallets to conceal the extent of their holdings from the investing public. “You can buy a certain amount of your own token. But if you buy a lot, nobody is going to buy in because it’s very suspicious,” says Larratt.
In all, the scammer commanded roughly 12 percent of the total number of WIRED coins in circulation, a sufficiently large amount to obliterate the price if they were to sell.
By 1:23 am, the scammer had begun to promote the coin on my X account; posts by other X users suggest they even appeared live on Spaces. Though they later deleted the various posts, which were gone by the time I had woken up, screenshots captured by other X users reveal the pretense they concocted.
The previous weekend, Argentinian president Javier Milei had been embroiled in a scandal involving a coin called Libra. (Milei has denied any wrongdoing.) WIRED would be launching its own crypto coin, the scammer claimed on X, in connection with the story. “I spoke to the man behind $LIBRA … probably my most interesting piece yet. He goes into detail on the setup, process and extraction, and we even stated our own $WIRED coin to show how easy it is,” the scammer wrote in a post to my X account.
In the minutes that followed, a blend of human traders and bots programmed to snatch up newly released coins began to invest. As they bought in, the price of the coin began to rise. At 1:36 am, 16 minutes after trading began, the total value peaked at $300,000. Then the scammer began to sell.
In a quickfire series of transactions on Raydium, a peer-to-peer exchange, they dumped the coins onto the market, earning the equivalent of $8,000-$10,000, analysts estimate. By 1:45 am, the WIRED coin had lost practically all of its value.
“The amount of money they made was not a lot by comparison to other pump-and-dumps we’ve seen. But in 20 minutes, analysis shows they may have gained up to five times the amount they deposited,” says Larratt.
By 2 am, the revenue earned through the sale of WIRED coins had been shuffled through a web of interconnected accounts into yet another wallet—possibly tied to a coin-swapping service, according to Chainalysis—where it was blended with hundreds of thousands of dollars worth of crypto from other unknown sources.
On February 19 and 24, that wallet deposited a combined $110,000 worth of crypto with Binance, a centralized exchange typically used to convert crypto into regular currency.
There, the trail goes cold. Though crypto exchanges are required in most jurisdictions to record the identities of account holders, as a matter of policy they do not disclose that information unless they receive a request from the authorities.
“We do not disclose the identities of account holders to media out of respect for our colleagues in law enforcement, to ensure the integrity of any ongoing investigations, and to prevent misidentification of innocent users,” says Binance.
In any case, criminals frequently use money mules or stolen identity documentation to open accounts with exchanges, Larratt previously told WIRED, which means that identifying the account owner is not the same as identifying the scammer.
In the days after the WIRED memecoin rug pull, I continued to receive messages from people who believed that I had scammed them. As before, the most overtly threatening messages came from the anonymous Telegram user.
“If you think I’m joking you have a fucking serious problem,” they wrote in one message, threatening to report me to WIRED management. “You really thought you can [sic] get away with it?” they said in another.
Though I suspected the threats were hollow, they were nonetheless troubling. To limit the likelihood that somebody might locate me, I signed up for a service that promised to cleanse any scraps of my personal data from the web. I also contacted my friends and family members, who had been threatened indirectly, and reported the harassment to my local police force.
Within a week, after I had posted to my X account explaining what had happened, the abusive and threatening messages stopped.
Meanwhile, people continue to pile into unpromising memecoins. Pump.Fun, the memecoin launchpad, is currently generating revenue at a rate of between $1-2 million a day as a one percent cut of trades, third party calculations show.
On April 14, the anonymous Telegram user who had threatened me posted two screenshots to X advertising large profits they had supposedly made on recent memecoin trades. “We are so retarded,” they wrote, using the slur adopted by memecoin traders to celebrate the level of risk they take. They completed the post with an emoji with dollar signs for eyes.
Additional reporting by Matt Burgess.