Jupiter Exchange WereMeow Account Compromise

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 13:01, 22 May 2025 by Azoundria (talk | contribs) (Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/jupiterexchangeweremeowaccountcompromise.php}} {{Unattributed Sources}} thumb|Jupiter Exchange Logo/HomepageJ.U.P. (Jupiter United Planet) is Jupiter Exchange’s strategic initiative to evolve from a product-centric platform into a full-stack, community-driven ecosystem. It focuses on uniting users, developers, small working groups, visionary community memb...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Jupiter Exchange Logo/Homepage

J.U.P. (Jupiter United Planet) is Jupiter Exchange’s strategic initiative to evolve from a product-centric platform into a full-stack, community-driven ecosystem. It focuses on uniting users, developers, small working groups, visionary community members (“Catdets”), and an upcoming DAO to execute a decentralized strategy for growth. The project emphasizes collaboration, distributed execution, and community governance. Meanwhile, founder WereMeow recently reported a sophisticated security breach of their account, despite strong protections like 2FA and unique passwords. The attack remains unexplained, with no signs of suspicious activity or session anomalies, raising concerns about session spoofing or flaws in token invalidation. A fake token was briefly promoted from the compromised account, leading to user losses that remain unaddressed, though Jupiter Exchange itself continues to operate.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24]

About Jupiter Exchange

J.U.P, or Jupiter United Planet, is a strategic vision aimed at building a dynamic and synergistic community to propel Jupiter and the cryptocurrency ecosystem forward. The project, which has been evolving for a while, is entering a critical phase with the upcoming launch of its DAO (Decentralized Autonomous Organization). The initiative seeks to blend the strengths of small, talented groups, community energy, and DAO legitimacy into a unified effort for growth.

Jupiter began as a product-focused project, where its early success was built on providing the best user experience, selection, and price, with strong feedback loops between the users and the development team. This foundation allowed Jupiter to establish a world-class product suite. Now, the focus is shifting towards building a full-stack ecosystem. This involves transitioning from a single product to a range of interconnected efforts aimed at accelerating the decentralized meta, requiring distributed networks of talent working towards a shared goal.

J.U.P is structured around five key components: 1) Users, who are the foundation of the project and whose feedback and support have been integral to its success; 2) Team, the dedicated builders behind the platform; 3) Working Groups, which are small teams within the community focused on executing specific tasks related to community management, ecosystem processes, and communication; 4) Catdets, community members who embody the long-term vision of decentralization and are key to fostering a supportive and collaborative culture; and 5) DAO, which is set to launch soon and is expected to bring distributed governance and proactive, unbiased decision-making to the project.

Ultimately, J.U.P is an experiment in distributed execution of strategy, leveraging the strengths of each component to create a holistic and robust community. As the project progresses, it aims to drive Jupiter and the decentralized meta forward. The community's involvement is essential, and the project's creators are excited for the potential of this experiment.

About WereMeow

Meow, the pseudonymous founder of Jupiter Exchange, is a prominent figure in the decentralized finance (DeFi) ecosystem, particularly within the Solana blockchain. Before establishing Jupiter, Meow co-founded Wrapped Bitcoin (wBTC), one of the largest wrapped tokens, and contributed to the Handshake project. He has also served as an advisor for notable projects such as Instadapp, Kyber, and Blockfolio.

Jupiter Exchange, under Meow's leadership, has become a leading decentralized exchange (DEX) and liquidity aggregator on Solana. The platform aims to facilitate seamless on-chain trading, enabling users to engage with decentralized applications and services. Meow emphasizes the importance of community involvement, viewing consensus as a powerful force that shapes the value and direction of cryptocurrencies.

In addition to his technical endeavors, Meow has been instrumental in fostering a community-first approach. He introduced the "Giant Unified Market" (GUM) initiative, which expands Jupiter's liquidity aggregator role to include meme coins, real-world assets, stocks, and forex assets on the Solana blockchain . This initiative reflects his commitment to broadening the scope of DeFi and enhancing its accessibility.

Meow's vision extends beyond technical innovation; he advocates for a shift from a competitive "player versus player" (PVP) mindset to a collaborative "player helps player" (PPP) approach. This philosophy underscores his belief that the strength of the DeFi ecosystem lies in community collaboration and mutual support.

Despite facing challenges, including a controversy involving the Meteora project, Meow has maintained a commitment to transparency and accountability. He initiated an independent investigation into the matter and reaffirmed Jupiter's dedication to upholding high standards of integrity within the crypto industry.

Through his work with Jupiter Exchange and his broader contributions to the DeFi space, Meow continues to influence the evolution of decentralized finance, emphasizing the importance of community, transparency, and innovation.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

Jupiter co-founder Meow's X account was reportedly hacked and posted token CA-related content, which has now been deleted.

Key Event Timeline - Jupiter Exchange WereMeow Account Compromise
Date Event Description
March 5th, 2025 12:45:00 AM MST WereMeow Posts Tweet WereMeow tweets that they have no idea what happened. They report using a strong, unique password and having 2FA enabled. All of their devices were physically with them, and the only connected apps on my account were Typefully and Streamyard. They perform an analysis of sessions and applications on their phone. They describe themselves as baffled. They ask if anyone else might have a clue what could’ve happened, or experienced something similar. They reference a tweet by @shawmakesmagic who experienced a similar account takeover.
March 5th, 2025 2:53:01 PM MST ODaily Article Published ODaily reports that Jupiter co-founder Meow’s X (formerly Twitter) account was allegedly hacked and used to post content related to a token called "CA." The posts have since been deleted, and users are advised to remain vigilant.
March 6th, 2025 11:23:00 AM MST ZewMerz Tweet Zewmers "Do you mind answering why a top holder of yours is selling to buy $VINE

Technical Details

The technical details provided in WereMeow’s tweets suggest that the account was compromised despite strong security practices. WereMeow confirms using a strong, unique password and having two-factor authentication (2FA) enabled, which typically provide significant protection against unauthorized access. All of their devices were physically in their possession at the time of the incident, reducing the likelihood of local compromise. The only connected third-party applications were Typefully and Streamyard, both longstanding and trusted integrations, implying no recent risky authorizations.

An inspection of past login sessions revealed no unusual activity — only WereMeow’s phone and the two aforementioned apps were listed, and these had not been recently active. This suggests that if an attacker gained access, they either managed to spoof an existing session or exploit some gap that didn't trigger new session logs. WereMeow also noted the possibility of a SIM swap attack but pointed out that even in such a case, the attacker would still need the account password. Regardless, they took the precaution of replacing the SIM card afterward.

Importantly, WereMeow deleted all active sessions after noticing the suspicious activity. However, the attacker still managed to post again afterward, which implies the malicious action may have been executed just before session revocation or possibly through a session that remained undetected or cached. Another curious detail is that WereMeow had recently performed a full logout of all sessions and apps just a week earlier, which should have invalidated any lingering access tokens. This raises questions about whether there was a flaw in session invalidation or a previously authorized session that wasn’t properly revoked.

In summary, the tweets reveal a technically confusing breach involving persistent access despite good security hygiene, no clear session anomalies, and a possible timing issue around session invalidation — all pointing to a sophisticated or highly opportunistic attack vector.

Total Amount Lost

Losses would be based on users who purchased the fake token launched via WereMeow's compromised account. A fully tally of losses is still TBD.

The total amount lost is unknown.

Immediate Reactions

According to weremeow, the unauthorized post was only up for about a minute. They report that user @julianhzhu was responsible for catching it.

They report looking into past sessions, and nothing suspicious showing up — just my phone and the two connected apps from a long time ago. A SIM swap is theoretically possible, but even then, the attacker would still have needed my password. I switched out my SIM just in case.

Ultimate Outcome

The tweet was removed. It is believed that anyone who bought the token is out of luck.

Total Amount Recovered

It is not believed that any recovery was made available to users who were affected.

The total amount recovered is unknown.

Ongoing Developments

Jupiter Exchange continues to operate. It does not appear that any investigation has happened into where the proceeds went.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Jupiter Co-founder Meow Suspected of Having X Account Hacked - Odaily News (Accessed May 8, 2025)
  2. Slorg - "Alert: Meow's account has been compromised He is not launching a memecoin Do not buy it, it is a scam." - Twitter/X (Accessed May 9, 2025)
  3. WereMeow - "no idea what happened - strong/unique password, 2fa, all my devices were with me, only connected apps was typefully and streamyard. - past sessions shows nothing except my phone, typefully and streamyard from long ago - sim swap is possible but they will still need password" - Twitter/X (Accessed May 9, 2025)
  4. 10kLiquid - "@55Domains @weremeow just a lil hack seems fine now" - Twitter/X (Accessed May 9, 2025)
  5. Marcel (55Domains) - "Hold on hold on.... did @weremeow just post a ca and rug it then deleted? whats up @weremeow" - Twitter/X (Accessed May 9, 2025)
  6. JohnnyG_204 - "Have any questions about the current DAO vote? Please join. @weremeow is here answering any questions you may have." - Twitter/X (Accessed May 22, 2025)
  7. Zewmers - "Do you mind answering why a top holder of yours is selling to buy $VINE Are you rugging the crypto community to buy another coin? Do you understand everything on the blockchain is traceable?" - Twitter/X (Accessed May 22, 2025)
  8. degenmx - "Lets vote to send @weremeow to jail as the biggest s[ca]mmer, thieve, and rugger from all solana history!" - Twitter/X (Accessed May 22, 2025)
  9. 0xEpitaph - "Not strengthening my confidence in JUP What next? A "hack" of the staked JUP or some other mega rug?" - Twitter/X (Accessed May 22, 2025)
  10. Marino - "Looks more and more that there is malicious player internally in the X team?" - Twitter/X (Accessed May 22, 2025)
  11. WereMeow - "Jupiter and pump fun got attacked too, but those were a full account takeover with no notifications. This feels like a session takeover, but I still do not know what happened." - Twitter/X (Accessed May 22, 2025)
  12. WereMeow - "For the Jupiter and pump hacks - those look likely. This we are not super sure" - Twitter/X (Accessed May 22, 2025)
  13. WereMeow - "Could also be someone w session keys at connected apps, but that’s super hard to pin down" - Twitter/X (Accessed May 22, 2025)
  14. Yareterr - "Bro, this was actually deleted quickly but because I had notifications turned on for your posts and @jup_mobile at hand, I managed to buy this [token.] I trusted you 100% and unfortunately it resulted in the loss of my funds[.]" - Twitter/X (Accessed May 22, 2025)
  15. Yareterr - "It all sounds logical in hindsight, bro, but I immediately remembered a meme that @weremeow planned to launch about a year ago and distribute to commenters under his post, and it made me think that maybe it's true after all" - Twitter/X (Accessed May 22, 2025)
  16. Puhzessed - "You prob weren’t hacked[. J]ust keep robbing me and not compensating" - Twitter/X (Accessed May 22, 2025)
  17. Wirelyss - "Whoa someone else too!" - Twitter/X (Accessed May 22, 2025)
  18. Interview with Meow, Founder of Jupiter: Beyond Chain Gamblers, It’s Time to Rediscover the New Generation of Community Consensus - Block Media (Accessed May 22, 2025)
  19. Meow - IQ.wiki (Accessed May 22, 2025)
  20. Conversation with Jupiter founder Meow: Token value comes from community consensus - The Block Beats (Accessed May 22, 2025)
  21. Jupiter’s Success: A Community-First Approach to Growth (Accessed May 22, 2025)
  22. Meow's Journey: Building a DeFi Empire Amidst Crypto Turmoil - CoinTeeth (Accessed May 22, 2025)
  23. Jupiter: The Aggregator Fueling Solana's GDP - Meow - Solana Compass (Accessed May 22, 2025)
  24. Jupiter DEX Founder (Meow) Addresses Recent Controversy, Announces Independent Investigation - Jupiter Legion (Accessed May 22, 2025)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Jupiter_Exchange_WereMeow_Account_Compromise&oldid=6720"