Hackers infiltrated McDonald’s Instagram account and utilized it to endorse a counterfeit joke cryptocurrency called GRIMACE, ultimately executing a rug-pull fraud that resulted in over $700,000 in theft.
The spurious token, erroneously associated with McDonald’s, experienced a temporary surge in value, reaching $25 million before plummeting. The assailants, identified as “India X Kr3w,” expeditiously liquidated their investments, resulting in investors being left with valueless assets.
Rug pulls are fraudulent schemes in which creators artificially promote a cryptocurrency, artificially increase its worth, and subsequently remove their funds before disappearing. Here, the hackers exploited McDonald’s Instagram account to create the illusion of legitimacy for the GRIMACE token, deceiving individuals into believing it was an officially sanctioned venture supported by the fast-food corporation.
The deceit was intensified by the unauthorized access to McDonald’s Senior Marketing Director Guillaume Huin’s social media accounts by hackers, who proceeded to disseminate fraudulent advertisements for the GRIMACE token.
The attackers had dominion over 75% of the GRIMACE token supply, employing various addresses to purchase the token on Pumpfun, a decentralized trading platform. The tokens were dispersed to approximately 100 addresses before being sold, enabling the perpetrators to illicitly acquire $700,000 worth of Solana, the designated cryptocurrency for transactions.
Despite cautionary indicators, a significant number of investors engaged in trading the GRIMACE token, resulting in a trading volume of over $25 million during 24 hours. McDonald’s promptly recovered authority over its Instagram account and removed any posts associated with the GRIMACE token.
This fraudulent scheme is a manifestation of a wider pattern of growing illicit activities carried out by cybercriminals in the realm of digital assets.
According to Immunefi, the crypto business has suffered a loss of more than $1.19 billion due to hacking and fraudulent activities in the initial seven months of 2024. This emphasizes the susceptibility of even major corporations to digital threats in the modern era.