Hackers Hijacking McDonald’s Instagram Account for Crypto Scam Claim Making $700,000

• McDonald's Instagram account was breached by hackers who used it to disseminate a fake crypto coin on Solana.
• A senior marketing director’s personal X and Instagram accounts were also hacked for the same scam.
• The hijacked account’s posts started promoting “free cryptocurrency,” allegedly managing to make $700,000 after a rug pull fraud.

The Instagram account of fast-food giant McDonald’s, which has more than 5 million followers, was hacked on Thursday, concomitantly with the personal X and Instagram accounts of Guillaume Huin, a senior marketing director at McDonald’s, according to a report from the New York Post.

The hijackers’ crypto scam promoted a fake meme coin on the high-performance blockchain platform Solana, naming the cryptocurrency after McDonald’s iconic purple mascot, Grimace. The posts claimed McDonald’s was distributing “free cryptocurrency.”

The hijacked accounts’ posts included links to phishing websites designed to steal personal and financial information. Hackers also tried to trick users into investing in the fictitious crypto through a website called Pump[.]fun, promising significant returns for relatively small investments.

The hack was claimed by India_X_Kr3w, who said they made $700,000 in the “rug pull” type of scam on the Solana network, which is designed for decentralized cryptocurrencies – the creators of the tokens disappeared after withdrawing the funds from its liquidity pool.

The hackers owned roughly 75 percent of the total Grimace tokens in circulation just before the McDonald’s social media accounts were compromised, as per blockchain data analysis platform Bubblemaps. They sold all their holdings once the token skyrocketed.

The cyber criminals even announced their rug pull scheme earnings in the McDonald’s Instagram bio, thanking followers.

While the full extent of the damage remains unclear, McDonald’s announced acknowledging the “isolated” incident and regaining control of their Instagram account in a statement to the New York Post, apologizing to their followers “for any offensive language posted during that time.”

Cybercriminals hijacked several websites at domain registrar Squarespace between July 9 and July 12, impacting at least a dozen organizations, most of them cryptocurrency businesses, including Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains.

In June, TikTok acknowledged a security issue that had been exploited for account takeovers of its high-profile accounts. The threat actors compromised the accounts using zero-click attacks via direct messages, including the CNN account.