QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
UNKNOWN
MARCH 2025
GLOBAL
JUPITER EXCHANGE
DESCRIPTION OF EVENTS
J.U.P, or Jupiter United Planet, is a strategic vision aimed at building a dynamic and synergistic community to propel Jupiter and the cryptocurrency ecosystem forward. The project, which has been evolving for a while, is entering a critical phase with the upcoming launch of its DAO (Decentralized Autonomous Organization). The initiative seeks to blend the strengths of small, talented groups, community energy, and DAO legitimacy into a unified effort for growth.
Jupiter began as a product-focused project, where its early success was built on providing the best user experience, selection, and price, with strong feedback loops between the users and the development team. This foundation allowed Jupiter to establish a world-class product suite. Now, the focus is shifting towards building a full-stack ecosystem. This involves transitioning from a single product to a range of interconnected efforts aimed at accelerating the decentralized meta, requiring distributed networks of talent working towards a shared goal.
J.U.P is structured around five key components: 1) Users, who are the foundation of the project and whose feedback and support have been integral to its success; 2) Team, the dedicated builders behind the platform; 3) Working Groups, which are small teams within the community focused on executing specific tasks related to community management, ecosystem processes, and communication; 4) Catdets, community members who embody the long-term vision of decentralization and are key to fostering a supportive and collaborative culture; and 5) DAO, which is set to launch soon and is expected to bring distributed governance and proactive, unbiased decision-making to the project.
Ultimately, J.U.P is an experiment in distributed execution of strategy, leveraging the strengths of each component to create a holistic and robust community. As the project progresses, it aims to drive Jupiter and the decentralized meta forward. The community's involvement is essential, and the project's creators are excited for the potential of this experiment.
The technical details provided in WereMeow’s tweets suggest that the account was compromised despite strong security practices. WereMeow confirms using a strong, unique password and having two-factor authentication (2FA) enabled, which typically provide significant protection against unauthorized access. All of their devices were physically in their possession at the time of the incident, reducing the likelihood of local compromise. The only connected third-party applications were Typefully and Streamyard, both longstanding and trusted integrations, implying no recent risky authorizations.
An inspection of past login sessions revealed no unusual activity — only WereMeow’s phone and the two aforementioned apps were listed, and these had not been recently active. This suggests that if an attacker gained access, they either managed to spoof an existing session or exploit some gap that didn't trigger new session logs. WereMeow also noted the possibility of a SIM swap attack but pointed out that even in such a case, the attacker would still need the account password. Regardless, they took the precaution of replacing the SIM card afterward.
Importantly, WereMeow deleted all active sessions after noticing the suspicious activity. However, the attacker still managed to post again afterward, which implies the malicious action may have been executed just before session revocation or possibly through a session that remained undetected or cached. Another curious detail is that WereMeow had recently performed a full logout of all sessions and apps just a week earlier, which should have invalidated any lingering access tokens. This raises questions about whether there was a flaw in session invalidation or a previously authorized session that wasn’t properly revoked.
In summary, the tweets reveal a technically confusing breach involving persistent access despite good security hygiene, no clear session anomalies, and a possible timing issue around session invalidation — all pointing to a sophisticated or highly opportunistic attack vector.
Losses would be based on users who purchased the fake token launched via WereMeow's compromised account. A fully tally of losses is still TBD.
According to weremeow, the unauthorized post was only up for about a minute. They report that user @julianhzhu was responsible for catching it.
They report looking into past sessions, and nothing suspicious showing up — just my phone and the two connected apps from a long time ago. A SIM swap is theoretically possible, but even then, the attacker would still have needed my password. I switched out my SIM just in case.
The tweet was removed. It is believed that anyone who bought the token is out of luck.
It is not believed that any recovery was made available to users who were affected.
Jupiter Exchange continues to operate. It does not appear that any investigation has happened into where the proceeds went.
J.U.P. (Jupiter United Planet) is Jupiter Exchange’s strategic initiative to evolve from a product-centric platform into a full-stack, community-driven ecosystem. It focuses on uniting users, developers, small working groups, visionary community members (“Catdets”), and an upcoming DAO to execute a decentralized strategy for growth. The project emphasizes collaboration, distributed execution, and community governance. Meanwhile, founder WereMeow recently reported a sophisticated security breach of their account, despite strong protections like 2FA and unique passwords. The attack remains unexplained, with no signs of suspicious activity or session anomalies, raising concerns about session spoofing or flaws in token invalidation. A fake token was briefly promoted from the compromised account, leading to user losses that remain unaddressed, though Jupiter Exchange itself continues to operate.
Jupiter Co-founder Meow Suspected of Having X Account Hacked - Odaily News (May 8)
Slorg - "Alert: Meow's account has been compromised He is not launching a memecoin Do not buy it, it is a scam." - Twitter/X (May 9)
WereMeow - "no idea what happened - strong/unique password, 2fa, all my devices were with me, only connected apps was typefully and streamyard. - past sessions shows nothing except my phone, typefully and streamyard from long ago - sim swap is possible but they will still need password" - Twitter/X (May 9)
10kLiquid - "@55Domains @weremeow just a lil hack seems fine now" - Twitter/X (May 9)
Marcel (55Domains) - "Hold on hold on.... did @weremeow just post a ca and rug it then deleted? whats up @weremeow" - Twitter/X (May 9)
JohnnyG_204 - "Have any questions about the current DAO vote? Please join. @weremeow is here answering any questions you may have." - Twitter/X (May 22)
Zewmers - "Do you mind answering why a top holder of yours is selling to buy $VINE Are you rugging the crypto community to buy another coin? Do you understand everything on the blockchain is traceable?" - Twitter/X (May 22)
degenmx - "Lets vote to send @weremeow to jail as the biggest s[ca]mmer, thieve, and rugger from all solana history!" - Twitter/X (May 22)
0xEpitaph - "Not strengthening my confidence in JUP What next? A "hack" of the staked JUP or some other mega rug?" - Twitter/X (May 22)
Marino - "Looks more and more that there is malicious player internally in the X team?" - Twitter/X (May 22)
WereMeow - "Jupiter and pump fun got attacked too, but those were a full account takeover with no notifications. This feels like a session takeover, but I still do not know what happened." - Twitter/X (May 22)
WereMeow - "For the Jupiter and pump hacks - those look likely. This we are not super sure" - Twitter/X (May 22)
WereMeow - "Could also be someone w session keys at connected apps, but that’s super hard to pin down" - Twitter/X (May 22)
Yareterr - "Bro, this was actually deleted quickly but because I had notifications turned on for your posts and @jup_mobile at hand, I managed to buy this [token.] I trusted you 100% and unfortunately it resulted in the loss of my funds[.]" - Twitter/X (May 22)
Yareterr - "It all sounds logical in hindsight, bro, but I immediately remembered a meme that @weremeow planned to launch about a year ago and distribute to commenters under his post, and it made me think that maybe it's true after all" - Twitter/X (May 22)
Puhzessed - "You prob weren’t hacked[. J]ust keep robbing me and not compensating" - Twitter/X (May 22)
Wirelyss - "Whoa someone else too!" - Twitter/X (May 22)
Interview with Meow, Founder of Jupiter: Beyond Chain Gamblers, It’s Time to Rediscover the New Generation of Community Consensus - Block Media (May 22)
Meow - IQ.wiki (May 22)
Conversation with Jupiter founder Meow: Token value comes from community consensus - The Block Beats (May 22)
Jupiter’s Success: A Community-First Approach to Growth (May 22)
Meow's Journey: Building a DeFi Empire Amidst Crypto Turmoil - CoinTeeth (May 22)
Jupiter: The Aggregator Fueling Solana's GDP - Meow - Solana Compass (May 22)
Jupiter DEX Founder (Meow) Addresses Recent Controversy, Announces Independent Investigation - Jupiter Legion (May 22)
