Hackers Hijacking McDonald’s Instagram Account for Crypto Scam Claim Making $700,000

Published on August 23, 2024
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer

The Instagram account of fast-food giant McDonald’s, which has more than 5 million followers, was hacked on Thursday, concomitantly with the personal X and Instagram accounts of Guillaume Huin, a senior marketing director at McDonald’s, according to a report from the New York Post.

The hijackers’ crypto scam promoted a fake meme coin on the high-performance blockchain platform Solana, naming the cryptocurrency after McDonald’s iconic purple mascot, Grimace. The posts claimed McDonald’s was distributing “free cryptocurrency.”

The hijacked accounts’ posts included links to phishing websites designed to steal personal and financial information. Hackers also tried to trick users into investing in the fictitious crypto through a website called Pump[.]fun, promising significant returns for relatively small investments.

MCDonalds Instagram Account Hacked
Image Source: New York Post

The hack was claimed by India_X_Kr3w, who said they made $700,000 in the “rug pull” type of scam on the Solana network, which is designed for decentralized cryptocurrencies – the creators of the tokens disappeared after withdrawing the funds from its liquidity pool.

MCDonalds Marketing Manager Hacked Account
Image Source: New York Post

The hackers owned roughly 75 percent of the total Grimace tokens in circulation just before the McDonald’s social media accounts were compromised, as per blockchain data analysis platform Bubblemaps. They sold all their holdings once the token skyrocketed.

The cyber criminals even announced their rug pull scheme earnings in the McDonald’s Instagram bio, thanking followers.

While the full extent of the damage remains unclear, McDonald’s announced acknowledging the “isolated” incident and regaining control of their Instagram account in a statement to the New York Post, apologizing to their followers “for any offensive language posted during that time.”

Cybercriminals hijacked several websites at domain registrar Squarespace between July 9 and July 12, impacting at least a dozen organizations, most of them cryptocurrency businesses, including Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains.

In June, TikTok acknowledged a security issue that had been exploited for account takeovers of its high-profile accounts. The threat actors compromised the accounts using zero-click attacks via direct messages, including the CNN account. 



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: