The official Chinese-language X account of decentralized exchange PancakeSwap (@PancakeSwapzh) was compromised on Tuesday and used to promote a fraudulent meme coin dubbed “Mr. Pancake.”
The project’s main X account confirmed the breach, warning users not to interact with links or posts from the compromised handle.
“Our Chinese account @PancakeSwapzh has been compromised,” the team announced. “Please do not click on any recent links or interact with the posts. We’re actively working with the X team to resolve the issue.”
Update: We’re actively working with the X team to resolve the issue with @PancakeSwapzh.
— PancakeSwap (@PancakeSwap) October 8, 2025
Please do not click on any links or interact with posts from that account until we confirm recovery. Stay vigilant and only trust updates from this official account, @PancakeSwap.
Market impact minimal
Despite the breach, PancakeSwap’s native token, CAKE, remained resilient, rising 13,4% in the past 24 hours with an intraday high of $4.50 before cooling to $4.40, according to CoinMarketCap.
The quick recovery suggests traders viewed the incident as an isolated social-media compromise rather than an exploit affecting the protocol itself.
Part of a wider wave of social‑media attacks
The attack arrives just one week after BNB Chain’s official X account was hacked, continuing a troubling trend targeting Binance‑affiliated projects.
Shān Zhang, Chief Information Security Officer at blockchain security firm Slowmist, said that the BNB ecosystem has become a lucrative target:
“The BNB meme coin market is very hot these days,” Zhang said. “It makes the ecosystem highly attractive to scammers looking to exploit its user base.”
He added that human error remains the critical weakness:
“Many controllers have weak security awareness and are susceptible to phishing attacks.”
Experts warn of evolving phishing and deepfake threats
Cybersecurity leaders say attackers are becoming increasingly sophisticated.
Slava Demchuk, CEO of blockchain analytics firm AMLBot, noted a 60% increase in AI‑related phishing and deepfake scams over the past year.
“Fraudsters are actively marketing real‑time AI deepfake face spoofing in Telegram rooms and dark markets,” Demchuk said. “This technology is now within reach for even beginner scammers.”
Alex Katz, CEO of cybersecurity firm Kerberus, highlighted that personal vigilance isn’t enough:
“People are easy to target. Companies must ensure that basic security measures—especially non‑SMS two‑factor authentication—are standard across all accounts to mitigate SIM‑swapping and credential‑reuse risks,” Katz said.
Security best practices
Industry experts urged organizations and community managers overseeing Web3 social platforms to:
- Enable strong two‑factor authentication (2FA) not tied to phone numbers.
- Use unique, complex passwords across all accounts.
- Educate staff to spot phishing tactics and never share credentials.
- Segment account access to minimize exposure in the event of a compromise.
These measures, they say, remain the most effective short‑term defense against a surge in AI‑enhanced phishing attacks targeting both individuals and projects across the digital‑asset sector.
Oleksii Shumak
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource, and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice. HODL FM strongly recommends contacting a qualified industry professional.
