preloader-icon

McRugged: Hackers Take Over McDonald’s Instagram, Make $700K on Fake Grimace Token

A senior McDonald's employee appeared to suffer a social media hack on Wednesday, one that soon allowed the culprits to promote a short-lived Grimace-themed Solana meme coin scam across the fast food giant’s prominent public-facing accounts. 

Late Wednesday morning, posts on both McDonald’s Instagram page—which boasts some 5 million followers—and the personal Twitter account of Senior Marketing Director Guillaume Huin began extolling a new GRIMACE token. The Solana meme coin  was started on popular launcher Pump.fun—perhaps an unusual choice for a $207 billion company. 

On Huin’s Twitter, posts promised that GRIMACE holders who listed their Instagram accounts would soon be followed by McDonald’s. 

“We love and appreciate all the support of Grimace,” one such post read, accompanied by a photo of the ambiguous purple character along with Ronald McDonald donning a protective face shield.

A screenshot from the apparently hacked senior McDonald's executive, which was deleted soon after. Image: Decrypt

As often seen in these meme coin scams tied to hacked brand or celebrity social media accounts, the price of GRIMACE surged an obscene 195,000% within minutes before its deployers rugged the token’s liquidity, instantly collapsing the token’s value back towards zero. 

In case the jarring succession of events left room for any ambiguity, the hackers then returned to McDonald’s Instagram account, where they changed the company’s bio to read “You have just been rug pulled,” adding, “Thank you for the $700,000 in Solana.” 

Blockchain data visualization startup Bubblemaps wrote on Twitter than the hacker apparently used numerous addresses to purchase the vast majority of tokens on Pump.fun ahead of the price spike—approximately 75% of the supply—and then distributed them into approximately 100 wallets before selling them all for approximately $700,000.

The ragtag group of digital bandits, who appear to have styled themselves the “India X Kr3w,” also linked to a Telegram group in the Instagram bio. At writing, they have only thus far used the group to post the music video for the 2016 Juicy J song “Blue Bentley,” in which the artist repeatedly celebrates having “just cashed out.”

Remarkably, despite what one might consider to be a healthy dollop of red flags, the GRIMACE token accumulated over $20 million in trading volume in less than two hours.

This can sometimes happen when crypto traders—fully aware that the token is a scam—try to get in on the rug and cash out before the token crashes to worthlessness. This is an incredibly risky strategy that often backfires. 

It appears that McDonald’s finally recovered control of its Instagram account over an hour after the hackers first posted about the GRIMACE token. The company wiped all posts related to the meme coin, but did not immediately respond to Decrypt’s request for comment on the matter.

The short-lived, lively saga underscores how easily hackers can gain access to—and profit from—even tightly guarded corporate social media accounts by identifying even one point of weakness in a single employee’s online security. 

In recent months, hackers have used similar tactics to launch fake tokens from the accounts of Sydney Sweeney, Doja Cat, and 50 Cent, among other celebrities.

McDonald's, interestingly enough, has pursued multiple official initiatives across the crypto world in recent years, including McRib NFT collectibles, Grimace NFTs tied to a metaverse world, and a "McNuggets Land" setting in Ethereum game The Sandbox.

Edited by Andrew Hayward