Hackers recently took over McDonald’s official Instagram account to promote a fake cryptocurrency, stealing more than $700,000 in the process.
The scam revolved around a fraudulent token called GRIMACE, which the hackers falsely claimed was connected to McDonald’s.
This led to the token’s value temporarily soaring to $25 million before it rapidly crashed, leaving many investors with nothing.
How did it happen?
The attack began when hackers managed to infiltrate McDonald’s Instagram account, which has over 5 million followers.
Once inside, they used the account’s influence to promote the GRIMACE token as if it were a legitimate cryptocurrency tied to McDonald’s.
They posted several images and messages that made it seem like the token was an official project, supposedly part of a “McDonald’s experiment on Solana”, a blockchain known for its fast and low-cost transactions.
These posts featured McDonald’s purple mascot, Grimace, and claimed that the GRIMACE token was officially linked to the fast food chain.
The hackers also edited the bio section of the Instagram page to brag about their actions, stating that they had made $700,000 from the scam.
The rise and fall of GRIMACE
Following the hackers’ posts, the value of the GRIMACE token skyrocketed in just a few minutes, reaching a peak of $25 million.
Investors, convinced that the token was endorsed by McDonald’s, rushed to buy it, hoping to make a quick profit.
However, this sudden surge in value did not last long. The hackers, who called themselves “India X Kr3w”, quickly cashed out their holdings.
This action caused the value of the token to crash, leaving investors with assets that were now practically worthless.
This type of scam is known as a “rug pull”. In such scams, developers create a new cryptocurrency and hype it up to attract investors.
They then inflate its value and, once enough people have invested, the developers withdraw all their funds and disappear, leaving investors with nothing.
In this case, the hackers used McDonald’s Instagram account to make the GRIMACE token appear legitimate, tricking people into thinking it was an official product from McDonald’s.
To make the scam even more convincing, the hackers also targeted McDonald’s Senior Marketing Director, Guillaume Huin.
They gained access to his social media accounts and used them to post more fake advertisements for the GRIMACE token.
These posts further deceived investors by claiming that McDonald’s would follow the Instagram accounts of GRIMACE holders, adding another layer of false credibility.
The aftermath
According to blockchain data platform Bubblemaps, the hackers controlled 75% of the GRIMACE token supply.
They bought large amounts of the token on Pumpfun, a decentralised trading platform, and then spread the tokens across about 100 different addresses.
After distributing the tokens, they sold them off, making off with $700,000 worth of Solana, the cryptocurrency used for these transactions.
Despite several warning signs, many people continued to trade the GRIMACE token, driven by the hope of quick profits.
The token saw over $25 million in trading volume within just 24 hours. However, by the time McDonald’s regained control of its Instagram account and removed all the fraudulent content, the damage had already been done.
This incident is part of a larger trend of increasing cybercrime in the cryptocurrency world.
According to a report from leading blockchain security platform Immunefi, the crypto industry lost more than $1.19 billion to hacks and scams in the first seven months of 2024 alone.
This is a significant increase from the previous year, showing that cybercriminals are becoming more sophisticated in their methods.