McDonald's targeted by grimace memecoin promoters

Brian McGleenon
Updated

McDonald’s (MCD) recently suffered a high-profile cyber attack that compromised its Instagram account. The breach involved a hacker using the account to promote a memecoin called grimace (GRIMACE30045-USD), which is based on the solana blockchain. The cryptocurrency is inspired by McDonald's' purple mascot of the same name.

Late on Wednesday morning, posts began appearing on both McDonald’s' Instagram page – which has around 5 million followers – and the personal Twitter account of McDonald's senior marketing director Guillaume Huin, promoting the grimace memecoin.

Shortly after the hack, the cryptocurrency's market capitalisation surged to around $20m before plummeting to below $1m, with the scammers presumably cashing out their earnings. The hackers even updated the McDonald's Instagram bio to thank followers for the $700,000 they had fraudulently collected.

Mcdonald’s Instagram was hacked. The hacker launched a coin (GRIMACE) then rugpulled buyers for $700k. Then left the a wild note in the bio.(X.com)
Mcdonald’s Instagram was hacked. The hacker then left the a wild note in the bio. ((X.com))

The hackers directed users to invest in the grimace token via a platform called Pump.fun, promising significant returns for relatively small investments.

They manipulated the Instagram accounts to make the posts appear authentic, leveraging Grimace's association with McDonald's to add credibility.

Read more: What are bitcoin ETNs?

On Huin’s Twitter account, fraudulent posts promised that grimace holders who shared their Instagram handles would soon be followed by McDonald’s.

“We love and appreciate all the support for Grimace,” one of the posts said, accompanied by a photo of the purple character alongside clown mascot Ronald McDonald wearing a protective face shield.

The hacker may have used numerous cryptocurrency wallet addresses to purchase the majority of the grimace token prior to the surge in its price, according to blockchain data analysis platform Bubblemaps.

The scammer controlled about 75% of the token's supply just before the hack of McDonald's' social media accounts, Bubblemaps said.

When the token's price spiked, the hacker appears to have sold all of their holdings, causing the value to collapse and netting them around $700,000. This type of scam is known as a "rug pull".

Read more: Binance exec insists bitcoin can recover despite 20% drop

The hacker then edited the bio section of the McDonald’s page to brag about their exploits.

The grimace memecoin was created and launched on Pump.fun, a Solana-based platform that simplifies the creation and trading of cryptocurrency tokens.

Pump.fun’s standout feature is its automation of the technical complexities involved in memecoin creation. Users only need a catchy name, a unique symbol, and an eye-catching image to get started. This ease of use makes it accessible to both seasoned crypto enthusiasts and newcomers.

A memecoin is a type of cryptocurrency inspired by sub-cultural imagery, internet memes or characters from popular culture. They generally lack a defined use case or intrinsic value and derive their value from the communities that promote them.

Since its launch in January 2024, Pump.fun has seen the creation of over 1.8 million tokens. However, only around 30 have achieved significant success, with valuations exceeding $1m, according to data from GeckoTerminal.

Read more: Bitcoin price rebounds above $61,000 following Fed rate cut backing

Notable top performers include cat-themed token michi (MICHI32044-USD), daddy (DADDY-USD), which was promoted by controversial social media influencer Andrew Tate, and mother (MOTHER-USD), which was backed by rapper Iggy Azalea.

Memecoins are often used in "rug pull" or "pump and dump" scams which involve fraudsters promoting the tokens on social media and dumping their holdings after others buy in.

After the hack, the company collaborated with authorities to investigate the breach and attempt to identify the perpetrators. McDonald's has also pledged to enhance its cybersecurity measures to prevent similar incidents in the future.

"We are aware of an isolated incident that impacted our social media accounts earlier today. We have resolved the issue on those accounts and apologize to our fans for any offensive language posted during that time," McDonald’s said in a statement.

Download the Yahoo Finance app, available for Apple and Android.

Advertisement