The late Michael Jackson, rapper Future, South African singer Tyla, and Adele all had hundreds of millions of followers on their Instagram accounts. On a Thursday night in August 2025, all of these accounts simultaneously shared the same kind of content: AI-generated images of the artists seemingly endorsing a Solana meme coin called FREEBANDZ that had nothing to do with any of them.
The coin’s market capitalization increased to little under $900,000 during the time that the posts were active. The coin fell by 98% when the con artist sold into the consequent liquidity and took out about $49,000. Eventually, the posts were taken down. By then, everyone covering the cryptocurrency market in 2025 was fully aware of the larger pattern this represented.
| Category | Detail |
|---|---|
| Documented Celebrity Cases | Instagram accounts of Adele, Future, Michael Jackson, and Tyla simultaneously hijacked in August 2025 to promote a fake Solana meme coin; the UFC’s official account was previously hacked in 2025, resulting in approximately $1.4 million in losses to crypto users |
| Pattern Consistency | Hijacked accounts typically used to promote newly-launched Solana or Ethereum “meme coins” via Pump.fun and similar token launchpads; scammers dump their holdings after the token spikes in value, crashing the price by 90%+ |
| Example Scheme Size | One 2025 hijacked-account scheme briefly drove a meme coin to an $11 million market cap before the scammer sold 40% of the supply, netting approximately $1.4 million before the price collapsed by 97% |
| SIM Swap Context | SIM swap fraud is often the initial entry point for account takeovers; T-Mobile was ordered to pay $33 million in arbitration in March 2025 after a single SIM swap enabled a crypto wallet drain; 96% of SIM swap cases involve social engineering of carrier customer service representatives |
| AI Image Use | Scammers increasingly post AI-generated images — e.g., rappers “holding” oversized coins, celebrities “endorsing” tokens that do not exist — to increase the visual credibility of fraudulent promotions |
| Additional Extortion | Some hackers demand ransom payments (reported up to $40,000) from original account owners to return access; victims have also been coerced into recording promotional videos for ongoing schemes |
| Why It Works | Compromised established accounts bypass the content moderation and account-age checks that typically flag newly created fraudulent profiles — allowing scam content to reach larger audiences before removal |
| Further Reference | Consumer protection guidance at the Federal Trade Commission |
The Instagram-hijacking-for-crypto-pump technique has developed into something akin to a trustworthy playbook. Hackers gain access to well-established accounts using targeted phishing, which deceives account owners into disclosing login credentials, or SIM swap attacks, which steal a victim’s phone number and intercept two-factor authentication codes.
After that, the account is used on sites like Pump to advertise a recently released meme coin.enjoyable, where creating tokens is free and doesn’t require any technological expertise. Because followers who would immediately doubt a new anonymous account accept seriously what seems to be an endorsement from a well-known name, the original account’s legitimacy does the work the scammer could not accomplish on his own. The coin is pumped. The con artist dumps. The coin flips over. The posts are eventually removed by Instagram. The funds have already been spent.
The pattern’s limited period is what makes it so successful. On a decentralized platform, there is no need for identification checks, verification, or a waiting time when launching a token. In little than an hour, a pump-and-dump cycle can go from promotion to collapse.
The financial harm is done by the time Instagram’s content moderation systems recognize the hacked posts as false and delete them; unlike bank transfers, on-chain transactions are irreversible. In one case that was published in 2025, a meme coin reached a market valuation of $11 million before the con artist sold 40% of the supply for a net profit of almost $1.4 million. Soon after, the market capitalization fell by 97%.
These attacks are made possible by security flaws at several levels of the system. A March 2025 arbitration ordered T-Mobile to pay $33 million to a consumer whose cryptocurrency wallet was depleted following a single SIM switch event, demonstrating how SIM swap fraud has grown to be a significant crime category in and of itself.
According to research, rather than using technical exploits, 96% of SIM swap attacks are successful due to social engineering of cell carrier customer care agents. The insufficiency of the carriers’ verification processes has been frequently criticized. Victims have also expressed dissatisfaction with Instagram’s account recovery procedures, citing lengthy wait times—sometimes weeks—for access to be restored while con artists operate their scams in real time.
However, the defense situation for regular users is not as dire as it might seem. The SIM swap vulnerability for the majority of account takeover attempts is eliminated by two-factor authentication utilizing an authenticator app, such as Google Authenticator, Authy, or an equivalent. Even more robust protection is offered by FIDO2 hardware security keys.
The majority of the current assault patterns can be eliminated by turning on Instagram’s login notifications, routinely reviewing the list of active sessions, and considering any urgent financial advise sent via direct message with complete mistrust regardless of the source.
When considering the pattern as a whole, the more general conclusion is that the cryptocurrency industry has created a scam economy where the most valuable commodities are attention and social proof. Instagram accounts that have been hacked provide both. It seems doubtful that this specific plan will vanish as long as that is the case.
