Binance founder Changpeng "CZ" Zhao is warning the crypto community to be watchful of bad actors who often target and compromise the social media accounts of Web3 firms to promote fraudulent memecoin coins.

Taking to social media, CZ shared that Binance had its share of attacks, with certain accounts who falsely use to name of Binance to deceive investors.

CZ recently shared a post, sharing a screenshot of an account belonging to a trader who claimed to have ties with Binance and Binance Labs. According to Zhao, the account was likely hacked, as it abruptly began promoting new memecoins and had its profile altered.

CZ clarified that this individual has no affiliation or any sort with Binance or YZi labs but is in fact a long time supporter of BNB. He also stressed that YZi Labs employees would never engage in private token promotions, while dishing a stern warning to all employees that anyone caught promoting coins will be fired immediately upon discovery.

Pump.fun hack raises security concern

His warning comes following yet another security breach, this time targeting the solana-based memecoin platform, Pump.fun.

On February 26, Pump.fun’s official X account was compromised and exploited to promote a fraudulent governance token called “PUMP,” along with other scam coins. The breach prompted concern across the Web3 space, highlighting the persistent threat of social media exploits targeting crypto projects.

The incident was quickly picked up by blockchain sleuth ZachXBT, who urged users to avoid engaging with any links posted by the compromised account. He linked the attack to a broader pattern of social media exploits targeting crypto-related accounts.

The scammer behind the breach used the hacked account to falsely advertise “PUMP” as an official governance token, luring users with exaggerated claims and promised rewards for early adopters. In a further escalation, the hackers also promoted another token named “GPT-4.5,” threatening to delete Pump.fun’s X account unless the token reached a $100 million market cap.

In its explanatory X post after restoring access to its account, Pump.fun explained that it had a number of safeguards in place, like physical 2FA backups, regularly changing unique and complex passwords, and not having its 2FA connect to any email address, but the hackers still managed to bypass all of these firewalls the company has put in place.

Incidents like this act as a slap in the face of blockchain companies, and it shows how there are still major loopholes in the security system of the entire blockchain ecosystem.

X Hacks Continue to Exploit High-Profile Accounts

Hackers have turned X into a battleground for meme coin scams, hijacking high-profile accounts to push fraudulent tokens.

On February 5, 2025, Jupiter’s official X account was hacked to promote a fake token, $MEOW, referencing the project’s co-founder. Despite swift intervention, the scam posts spread rapidly before being removed.

This incident mirrors previous breaches, such as the January attack on Breaking Bad star Dean Norris’ account, where scammers falsely endorsed a meme coin named DEAN using manipulated media. Similarly, Litecoin’s X account was compromised in January, with scammers falsely claiming that LTC had launched on Solana.

A December 2024 report by ZackXBT linked at least 15 hacked accounts to meme coin scams, with losses exceeding $500,000. The scammers utilized phishing tactics to steal login credentials and launder funds across Solana and Ethereum.

Crypto Security Risks Continue to Rise

As hackers increasingly target crypto-focused and high-profile X accounts, incidents like the Pump.fun breach expose significant vulnerabilities in platform security.

Despite a downturn in meme coin trading volumes and Solana’s recent price struggles, scammers are ramping up their tactics, leveraging compromised accounts to mislead users and promote fraudulent tokens.

These ongoing threats highlight the urgent need for robust security measures, including two-factor authentication (2FA), unique email setups, and heightened vigilance against phishing attempts. As social media-driven scams continue to evolve, the crypto community must remain proactive in safeguarding digital assets and personal information.