TLDR:
McDonald’s Instagram account was hacked to promote a fake cryptocurrency called “GRIMACE”
Hackers claimed to have made $700,000 from the scam
The fake token’s value surged from zero to $25 million in 30 minutes before crashing
McDonald’s acknowledged the incident and resolved the issue
The scam was a “rug pull,” a common cryptocurrency fraud tactic
McDonald’s, the global fast-food giant, fell victim to a cybersecurity breach on August 21, 2024, when hackers took control of its official Instagram account. The incident resulted in a cryptocurrency scam that allegedly netted the perpetrators $700,000 in stolen funds.
The hackers used McDonald’s Instagram page, which boasts over 5.1 million followers, to promote a fraudulent cryptocurrency called “GRIMACE.” Named after the company’s purple mascot, the fake token was advertised as a “McDonald’s experiment on Solana,” a popular blockchain platform.
Within 30 minutes of the initial posts, the value of the GRIMACE token skyrocketed from zero to an estimated $25 million. However, this surge was short-lived, as the token’s value plummeted soon after, leaving many investors with worthless digital assets.
The type of scam employed in this incident is known as a “rug pull” in cryptocurrency circles. This fraud typically involves creating a fake digital currency, aggressively promoting it on social media, and then abruptly withdrawing funds from the coin’s liquidity pool before disappearing.
According to blockchain analytics service Bubblemaps, the hackers initially acquired 75% of the total circulating supply of the Grimace token using a Solana memecoin deployer called pump.fun. They then distributed these tokens among approximately 100 different digital wallets.
hacker owned 75% of the supply
used multiple addresses to buy on Pumpfun simultaneously, then spread into ~100 addresses
sold for $700k
thanks, @McDonalds 
https://t.co/Gt9yb3V3qp pic.twitter.com/ojLoiJamdy
— Bubblemaps (@bubblemaps) August 21, 2024
Following the promotional posts on McDonald’s Instagram account, the value of the GRIMACE memecoin experienced a dramatic increase. However, as the hackers began to sell off their holdings, the token’s price crashed, leaving its market capitalization at around $650,000 within 40 minutes.
The hackers didn’t stop at just promoting the fake cryptocurrency. They also edited the bio section of McDonald’s Instagram page to boast about their exploit, explicitly mentioning the $700,000 they claimed to have stolen in Solana, another cryptocurrency.
McDonald’s was quick to respond to the incident. In a statement to the New York Post, a company spokesperson said, “We are aware of an isolated incident that impacted our social media accounts earlier today. We have resolved the issue on those accounts and apologize to our fans for any offensive language posted during that time.”
The breach wasn’t limited to McDonald’s main account. Guillaume Huin, a senior marketing director for the company, also appeared to have his social media accounts compromised. His profiles on both Instagram and X (formerly Twitter) displayed posts promoting the fake GRIMACE coin.
As of now, it remains unclear how the hackers gained access to McDonald’s Instagram account. Typical methods in similar breaches have included the use of stolen credentials, phishing attacks, or techniques to bypass multi-factor authentication.
The incident adds to a growing list of cryptocurrency-related scams. In 2021 alone, “rug pull” scams resulted in losses of approximately $2.8 billion.
The post Rug Pulled: McDonald’s Instagram Hack Results in $700,000 Cryptocurrency Scam appeared first on Blockonomi.
