McDonald’s Instagram Hacked, Scammers Steal $700,000 in Solana
On Aug. 21, McDonald’s Instagram account was compromised. The attackers used the hijacked account to promote a fake meme coin called “Grimace,” and they made off with SOL worth thousands of dollars. Meanwhile, new threats like the PG_MEM malware are targeting PostgreSQL-managed databases, while the notorious MEV bot “jaredfromsubway.eth” has resurfaced with upgraded capabilities.
Attackers compromised McDonald’s Instagram account on Aug. 21 and stole more than $700,000. They did this by falsely promoting the coin as an experiment that the fast-food giant was running on the Solana blockchain.
Screenshots posted on X showed that the attackers used McDonald’s purple mascot, Grimace, to attract investors. Bubblemaps, a blockchain analytics company, reported that the attackers first acquired 75% of the Grimace token’s total supply via Pump.fun, a Solana meme-coin deployer, and then distributed these tokens across approximately 100 wallets.
Data from DexScreener showed that the Grimace token’s market cap soared from a few thousand dollars to $25 million in only 30 minutes. The surge was short-lived, however, because the attackers quickly sold their tokens.
The attackers then edited McDonald’s Instagram profile to boast about the scam, claiming it had netted them $700,000 and describing how they had made the SOL. McDonald’s eventually regained control of the account, removed the posts and restored its bio.
Screenshot of the compromised McDonald’s account (Source: X).
McDonald’s responded to the incident with a statement to The New York Post, calling it an “isolated event” that affected its social media pages and apologizing to the public for any offensive material that may have been posted.
New Cryptojacking Threat
Crypto-focused attackers are not only a problem on social media. The new malware PG_MEM targets PostgreSQL databases and installs cryptocurrency mining software. It is a serious threat to the roughly 800,000 PostgreSQL-managed databases in existence, especially those protected by weak passwords.
The attack begins with brute-force login attempts to discover a weak password, which gives the threat actor access to the database. The attacker then creates a user with high-level privileges and downloads the malware’s files. Finally, the attacker locks down the system so that other threat actors cannot exploit the same database.
The malware then connects to a mining pool and uses the database server’s computing power to mine cryptocurrency, a practice known as cryptojacking. These attacks appear to be increasing in frequency: crypto-malware increased 400% in the first six months of 2023 compared with the same period the year before.
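The attack chain described above leaves a recognizable trail in PostgreSQL’s own logs: a burst of failed password logins from one client, a successful login from that same client, and a DDL statement creating a superuser. The following detector is an added example written for this article, not code from Aqua or from the PG_MEM analysis; the log lines, the client address 203.0.113.7 and the role name `new_admin` are constructed, and the server is assumed to log with `log_connections = on`, `log_statement = 'ddl'` and `log_line_prefix = '%m [%p] %u@%d %h '`.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from a real incident). Assumed server settings:
# log_connections = on, log_statement = 'ddl', log_line_prefix = '%m [%p] %u@%d %h '.
SAMPLE_LOG = """\
2024-08-21 10:00:01 UTC [1201] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-21 10:00:02 UTC [1202] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-21 10:00:02 UTC [1203] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-21 10:00:03 UTC [1204] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-21 10:00:03 UTC [1205] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-21 10:00:04 UTC [1206] postgres@postgres 203.0.113.7 LOG:  connection authorized: user=postgres database=postgres
2024-08-21 10:00:05 UTC [1206] postgres@postgres 203.0.113.7 LOG:  statement: CREATE ROLE new_admin WITH SUPERUSER LOGIN PASSWORD 'x'
2024-08-21 10:02:00 UTC [1300] app@appdb 10.0.0.5 LOG:  connection authorized: user=app database=appdb
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)(?:\.\d+)? \S+ \[\d+\] "
    r"(?P<user>\S+)@(?P<db>\S+) (?P<host>\S+) (?P<level>[A-Z]+):\s+(?P<msg>.*)$")
FAIL_RE = re.compile(r'password authentication failed for user "[^"]+"')
# CREATE/ALTER ROLE (or USER) granting SUPERUSER: the privileged-user step.
SUPERUSER_RE = re.compile(r"\b(CREATE|ALTER)\s+(ROLE|USER)\b.*\bSUPERUSER\b", re.I)

def parse(log_text):
    """Yield parsed events as dicts with a datetime 'ts'; skips unparseable lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
            yield ev

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (host, alert) pairs: a failed-login burst, then a successful login
    from the same client, then a DDL statement creating a superuser."""
    alerts, failures, brute_hosts = [], defaultdict(list), set()
    for ev in parse(log_text):
        host, msg = ev["host"], ev["msg"]
        if FAIL_RE.search(msg):
            # Sliding window: keep only failures within `window` of this one.
            failures[host] = [t for t in failures[host] if ev["ts"] - t <= window] + [ev["ts"]]
            if len(failures[host]) >= threshold and host not in brute_hosts:
                brute_hosts.add(host)
                alerts.append((host, "brute_force"))
        elif msg.startswith("connection authorized") and host in brute_hosts:
            alerts.append((host, "login_after_brute_force"))
        elif SUPERUSER_RE.search(msg):
            alerts.append((host, "superuser_role_created"))
    return alerts
```

The superuser-creation rule fires regardless of the brute-force history, since a new superuser role is worth a look even when the preceding login was legitimate.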
PG_MEM Attack Flow (Source: Aqua)
PG_MEM is of particular concern because it exploits a weakness that is common in internet-facing databases: weak passwords, which result from misconfigurations or inadequate identity controls. Many organizations expose themselves to this risk when they connect their databases to the internet without adequate security.
Cryptojacking is rightly viewed as a threat, but the underlying idea of harnessing idle computing power also has legitimate uses. Aethir, for example, provides decentralized cloud computing infrastructure that uses similar methods to deliver scalable, cost-effective services.
Revamped DeFi Protocols and MEV Bots
The infamous maximal extractable value (MEV) bot known as “jaredfromsubway.eth” has resurfaced with new capabilities that allow it to execute more complex “sandwich” attacks on decentralized finance (DeFi) protocols. The bot, which earned millions in 2023 through sandwich and arbitrage attacks, has been updated with new strategies that make it more powerful.
EigenPhi, an MEV tracking site, reported on Aug. 20 that the new MEV contract associated with the bot now performs sophisticated sandwich attacks: it places its own transactions immediately before and after a victim’s transaction to manipulate the price and capture the difference as profit. Over the past two weeks the new contract has been observed using advanced on-chain trading squeezes.
The bot manipulates exchange rates by exploiting weaknesses in DeFi protocols, particularly Uniswap V3 pools, which allow it to execute multiple transactions within the same block. The bot profits while other users absorb the losses.
The upgraded bot, dubbed Jared 2.0, now also adds and removes liquidity in DEX pools. This new strategy complicates analysis of the bot’s profitability.
EigenPhi says the original jaredfromsubway contract address enabled trading strategies that paid close to $2.2 million to bots and traders in the two weeks starting Aug. 1. Activity on that contract began to decline on Aug. 7 and had dropped to zero by Aug. 14.
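The price manipulation described above, and why a victim’s slippage bound (the minimum output the trade will accept) neutralizes it, can be illustrated on a toy constant-product pool. This is an added example written for this article, not code from Uniswap, EigenPhi or the bot: the pool model is the textbook x·y = k formula with a 0.3% fee, the trade sizes are constructed, and the real V3 concentrated-liquidity math is not modelled.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Toy constant-product pool (x * y = k), a simplification of a Uniswap-style DEX."""
    x: float          # reserve of token X
    y: float          # reserve of token Y
    fee: float = 0.003

    def quote(self, amount_in, sell_x=True):
        """Output of a swap at the current reserves, without executing it."""
        r_in, r_out = (self.x, self.y) if sell_x else (self.y, self.x)
        a = amount_in * (1 - self.fee)
        return r_out * a / (r_in + a)

    def swap(self, amount_in, sell_x=True, min_out=0.0):
        """Execute a swap; like a DEX router, revert (raise) if output < min_out."""
        out = self.quote(amount_in, sell_x)
        if out < min_out:
            raise ValueError("slippage: output below min_out, trade reverted")
        if sell_x:
            self.x, self.y = self.x + amount_in, self.y - out
        else:
            self.y, self.x = self.y + amount_in, self.x - out
        return out

def sandwich(pool, victim_in, attacker_in, victim_min_out=0.0):
    """Front-run, victim trade, back-run in one block.
    Returns (attacker_profit_in_x, victim_output_in_y, victim_trade_executed)."""
    attacker_y = pool.swap(attacker_in)            # front-run: buy Y, pushing its price up
    try:
        victim_out = pool.swap(victim_in, min_out=victim_min_out)  # victim buys Y at the worse price
        executed = True
    except ValueError:                             # victim's slippage bound reverted the trade
        victim_out, executed = 0.0, False
    back = pool.swap(attacker_y, sell_x=False)     # back-run: sell Y into the inflated price
    return back - attacker_in, victim_out, executed

def demo(tolerance=None):
    """Victim sells 100 X into a 1000/1000 pool; attacker sandwiches with 200 X.
    With tolerance=None the victim sets no bound; otherwise min_out = fair * (1 - tolerance)."""
    fair = Pool(1000, 1000).quote(100)
    min_out = 0.0 if tolerance is None else fair * (1 - tolerance)
    profit, out, executed = sandwich(Pool(1000, 1000), 100, 200, min_out)
    return fair, profit, out, executed
```

Without a bound the victim receives markedly less Y than the fair quote and the attacker profits; with a 1% bound the victim’s trade reverts and the attacker is left paying fees on a round trip.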
MEV attack volume (Source: EigenPhi)
Sandwich attacks have reached $17 billion just in the last month, despite the lower activity under the initial contract.
Crypto Whale loses $55M in Phishing Scam
A crypto whale also lost $55,000,000 in stablecoins to a phishing scam on Aug. 20. The incident occurred when the wallet’s owner unwittingly signed a malicious transaction that resulted in the transfer of 55,470,000 DAI from the Maker decentralized finance protocol.
The whale realized the mistake and attempted to move the funds to another address, but the attempt failed because ownership of the stablecoins in the wallet had already been transferred.
Lookonchain, a blockchain analytics company, quickly identified the incident and reported that, after setting the wallet’s owner to a new address, the attackers had exchanged 27.5 million DAI for 10,625 ETH.
Phishing remains a persistent danger in the crypto space. These attacks usually trick victims into installing fake software or signing malicious transactions, leading to the theft of digital assets.
In 2024, these attacks have caused significant financial harm: nearly half a billion dollars was lost in the first six months of the year alone. The blockchain security company CertiK announced on July 3 that $498,000,000 had been lost to phishing.
Steps are being taken against these attacks. On Aug. 4, the Australian Federal Police announced that they were investigating phishing scams affecting 2,000 Australian-owned digital wallets.
According to findings from analytics company Chainalysis, these wallets were targeted with the “approval-phishing” tactic. The Australian Securities and Investments Commission reported in response that it had taken down 5,530 fake investment platforms, 1,065 phishing links and 615 crypto investment scams since July 2023.