
MEME Team Hacked to Promote Coins? The Story Behind the Hacking of Legendary Trader GCR's Account
TechFlow Selected TechFlow Selected

MEME Team Hacked to Promote Coins? The Story Behind the Hacking of Legendary Trader GCR's Account
Hacking into GCR's account ultimately earned only $35,000, which is pretty pathetic.
By TechFlow
The crypto world is a true dark forest.
Whether it's account theft or on-chain phishing, seasoned players have seen it all. Such incidents are unrelated to wealth—whether you're a billionaire or someone with just hundreds of dollars in assets, hackers treat everyone the same. If you let your guard down even slightly and allow them an opening, your funds will be drained just as quickly.
Yesterday, legendary crypto trader GCR (@GCRClassic) had his Twitter account compromised. The hacker used GCR’s account to post bullish sentiment about ORDI, causing ORDI to surge 15% within minutes before rapidly dropping back down. GCR himself seemed completely unaware until someone asked him about it in his Telegram channel, at which point he realized his account had been breached.
Interestingly, the renowned "on-chain detective" ZachXBT published a detailed thread exposing the full story behind this hack, sharply identifying the culprit behind the attack—a Memecoin team.
A Well-Planned Heist
After GCR’s account was hacked and posted the pump message, on-chain investigator ZachXBT announced that he would release a detailed investigation report within the next 12–24 hours. That evening, ZachXBT dropped a lengthy tweetstorm, directly naming the mastermind behind the hack: the $CAT Memecoin team.

ZachXBT pointed out that the $CAT team had previously engaged in shady practices during their token generation event (TGE), sniping over 60% of the token supply and dumping for profits exceeding $5 million.

Through on-chain address tracking, ZachXBT discovered that after cashing out, the team swiftly moved funds to exchanges and then withdrew them to two addresses starting with 0x23bc and 0x91f33.
Then, the address 0x23bc65 transferred 650,000 USDC to a new address beginning with 0x5e3e, depositing it into Hyperliquid.

Between UTC 17:45 and 17:56 on May 26, the 0x5e3e address opened a $2.3 million long position in ORDI on Hyperliquid.

With everything set up, at UTC 17:55 on May 26, the hacker used @GCRClassic's Twitter account to post bullish comments about ORDI, triggering a short-term price spike.

Double Trouble?
Given that GCR is known as a “legendary trader,” the influence of his Twitter account goes without saying. Surely such a carefully orchestrated scheme by the hacker would yield significant profits?
However, from the moment the hacker posted the ORDI pump tweet to finally closing the position, only 15 minutes passed—and they made a mere $34,000 profit.
Apparently unsatisfied with going through all that trouble for just $34,000, over an hour later—at UTC 19:04 to 19:12—the hacker used the same address 0x5e3 to open a $1 million long position in ETHFI on Hyperliquid.
After setting the trade, the hacker again used @GCRClassic’s account to post bullish messages about ETHFI. Between UTC 19:16 and 19:45, 0x5e3 closed the position, resulting in a loss of $3,500. Wow—after going through the effort of hacking an account, pre-positioning trades, and executing a complex setup, their net gain doesn’t even cover the cost of the hack.
Observers in the comment section couldn't help but mock: "Hacking GCR’s account just to make $35,000? That’s pretty pathetic."

At the end of his investigative thread, ZachXBT summarized several key takeaways investors should understand from this incident:
-
The $CAT project team simply bought an expensive Twitter handle (@sol) and posted some mysterious-looking tweets—yet people willingly poured real money into it, ultimately handing millions of dollars to this scam operation. This is fundamentally wrong.
-
Social media platforms should no longer provide a stage for those promoting Memecoins.
-
People should study and understand how scams have evolved—from SIM swap attacks and phishing frauds to today’s advanced Memecoin manipulation schemes, as many scammers have already shifted tactics.
-
Memecoins are manipulated to a degree comparable to—or even greater than—VC-backed tokens. Investors should choose projects with trustworthy teams or tokens secured by locked smart contracts.
Finally, ZachXBT joined in the mockery, stating that the execution of this scam was extremely poor and clearly demonstrated the perpetrators' “low intelligence.”
For individuals with significant influence, maintaining strict account security is paramount—after all, many people actually invest real money based solely on a single investment suggestion posted from your account.
As investors, we must demystify influencer-driven pumps, objectively and rationally assess various investment recommendations, and avoid FOMO-driven decisions and blind buying.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News












