Keith Gill's verified X account @TheRoaringKitty was apparently hacked on Sunday evening to promote a Solana memecoin called $RKC (Red Kitten Crew) on Pump.fun.
Author: Sahil Thakur
12th May 2026 – Keith Gill’s verified X account @TheRoaringKitty was apparently hacked on Sunday evening to promote a Solana memecoin called $RKC (Red Kitten Crew) on Pump.fun.
High Signal Summary For A Quick Glance
Yokai Capital
@YokaiCapital
not a rugpull bro just scared kids selling, his own brother launched it, nobody can hack roaring kitty's account, his one gif post moves billions of dollars in volume, think about what sort of security he has most hated rally of 21 century inc GME moment for CRYPTO https://t.co/28kuLSDJWO
Roaring Kittys brother has claimed ownership of the rugpull solana:7HgfXftRBBqsYtAEYcqjGLQrNJLL6Tww9ek4rE3Apump He is now live on Instagram and doxxed himself We know how this ends https://t.co/NC48ckSRcF https://t.co/biEqBQB8Rh
11:21 PM·May 11, 2026
APE
@TheDefiApe
So @TheRoaringKitty was hacked and launched and rugged $1M with $RKC. The crazy part is, it turns out the hacker/scammer is Roaring Kitties brother himself and he admits it on stream.. Does no one fear the law anymore? https://t.co/uWU6YCj21G
10:38 PM·May 11, 2026
Rune
@RuneCrypto_
Roaring Kitty has just been hacked 66 FRESH wallets sniped the launch and have sold around $500,000 so far next time, use @AnySwapBot to hide your traces better https://t.co/IRB8bFsGJW
09:24 PM·May 11, 2026
High attention and emotional sentiment detected.
The token launched at approximately 21:07 UTC on May 11. Minutes later, the Roaring Kitty account posted the token’s contract address alongside cat and Pepe imagery. The account had been silent for 16 months before the suspicious post appeared.
Within 30 minutes, $RKC’s market cap surged to roughly $12.24 million. It then collapsed to around $2 million as coordinated sellers dumped their holdings. According to on-chain investigator @StarPlatinum_, more than 80 wallets extracted a combined $2,864,364 from the token. The attackers reportedly netted around $500,000 in profit.
The $RKC token appeared on Pump.fun at 21:07:33 UTC. Its on-chain metadata included a direct link to @TheRoaringKitty’s X profile. On Pump.fun, anyone can embed social links in token metadata without verification from the referenced account.
At roughly 21:13 UTC, the Roaring Kitty account posted the token’s contract address with the caption “red bandit crew 4 life.” The post triggered a wave of FOMO buying from retail traders who believed Gill had returned to crypto.
The creator address listed on Pump.fun was the incinerator wallet (1nc1nerator11111111111111111111111111111111). This is a standard Pump.fun address used for creator-fee routing. It does not reveal the actual deployer’s identity.
Key milestones related to the reported $RKC / @TheRoaringKitty incident
The exact time and attack vector remain unknown. No confirmed details have been released regarding phishing, SIM swap, session hijacking, credential theft, or any other compromise method.
The $RKC “Red Kitten Crew” token launches with contract address 7HgfXftRBBqsYtAEYcqjGLQrNJLL6Tww9ek4rE3Apump. On-chain metadata explicitly links to @TheRoaringKitty’s X profile, while the creator/dev appears as the standard Pump.fun incinerator wallet.
The verified @TheRoaringKitty account, silent for more than 16 months, posts the $RKC contract address alongside cat/Pepe imagery and phrases referencing “red bandit crew.” This marks the account’s first public activity in over a year.
Within less than 30 minutes of the post, more than 80 sniper wallets and coordinated buyers enter the bonding curve. The token reaches an all-time high market cap of approximately $12.24 million.
Over the next 30–60 minutes, coordinated selling begins. More than 80 wallets extract a reported $2.86 million, while hackers or profit-takers net roughly $500,000+. Some on-chain reports cite a dev cash-out of around 6,260 SOL, or about $611,000, across bundled wallets.
After the sell-off, $RKC falls sharply to around $2 million in market cap, with more than $10.56 million in sell volume reported on PumpSwap.
Within roughly one hour of the promotional post, the $RKC-related posts are deleted from @TheRoaringKitty. Communities on X and Reddit, including r/Superstonk and r/wallstreetbets, quickly flag the activity as a likely hack.
On-chain investigator @StarPlatinum_ publishes a forensic thread documenting the metadata link, wallet flows, top holders, extraction totals, and reported profit figures tied to the $RKC launch and sell-off.
Account access appears to have been restored or secured, with no further scam posts observed. As of the latest checks, Keith Gill has not issued an official confirmation, denial, or statement on X, YouTube, or another verified channel.
Unverified community rumors claim Gill’s brother admitted involvement on a livestream or Instagram Live. These claims remain unconfirmed speculation and should be treated as a conflicting narrative unless independently verified.
On-chain data tells a clear story. According to @StarPlatinum_, over 80 wallets executed coordinated early buys through the bonding curve immediately after the post went live.
The largest holder at the token’s peak controlled roughly 3.69% of supply. That position was worth approximately $451,000 at the all-time high. These wallets used sniper bots and MEV searchers, tools that monitor new Pump.fun launches in real time and bundle buys for speed.
Total sell volume exceeded $10.56 million on PumpSwap. Overall trading volume in the first hour surpassed an estimated $20 million. The token now trades at a fraction of its peak with minimal liquidity.
Src: Lookonchain (X)
Keith Gill, known online as Roaring Kitty and DeepFuckingValue, became a household name during the 2021 GameStop short-squeeze saga. His detailed YouTube and Reddit analysis helped fuel a retail trading movement that inflicted billions in losses on short-sellers.
Gill briefly resurfaced in mid-2024 with cryptic posts that again moved GameStop’s stock price. Before Sunday’s incident, his X account had been inactive for roughly 16 months. He has no known history of promoting crypto tokens.
As of May 12, 2026, Gill has issued no public statement confirming or denying the hack. The promotional posts were deleted, and the account appears to have been recovered.
This incident follows a well-documented pattern. Attackers compromise a high-profile social media account, then use it to promote a freshly launched Pump.fun token. Sniper bots buy early, retail traders pile in on FOMO, and the coordinated wallets dump at the top.
In 2025, Pump.fun’s own official X account was hacked in a similar fashion. Attackers launched a fake governance token that briefly surged before collapsing. Multiple other celebrity and influencer accounts have been compromised for the same purpose.
Pump.fun uses Solana’s Metaplex Token Metadata standard. Creators can embed arbitrary social links during token creation. The platform does not require authorization from the referenced accounts, so any hacker controlling a target’s X profile can create a false endorsement.
Sentiment across X, Reddit, and crypto Telegram groups was overwhelmingly negative. Users on r/Superstonk and r/wallstreetbets expressed alarm and urged others to report the account. Retail victims voiced frustration, while some on-chain traders admitted profiting from the snipe.
A small minority pushed back against the hack narrative. User @0xCalavera posted “No hack It was him,” and others speculated that Gill or someone close to him may have authorized the launch. No evidence supports this theory. The 16-month silence and immediate post deletion strongly favor the compromise explanation.
GameStop shares saw brief intraday volatility tied to the news, according to reports from Yahoo Finance and BeInCrypto.
Several key details are still missing. The exact method of compromise, whether SIM swap, phishing, session hijack, or credential theft, has not been disclosed. No law enforcement agency has issued a statement. There is no information about whether Gill plans to address the incident publicly.
The identity of the operators behind the sniper wallets also remains unknown. Transaction histories are publicly verifiable on Solscan, but wallet ownership is not.
The Roaring Kitty hack reinforces a growing problem. High-profile X accounts remain attractive targets for token promoters because a single post from a trusted name can drive millions in volume within minutes.
Until platforms like Pump.fun implement metadata verification, and until X enforces stronger security defaults for high-profile accounts, this playbook will likely continue. Users should treat any sudden, out-of-character token promotion with extreme skepticism, regardless of the source.
This is not financial advice. Always verify token launches through multiple independent sources before interacting with any smart contract.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
Polymarket MicroStrategy Dispute Sparks $500K Loss Claim
Alephium Bridge Exploited for $815K via Forged VAAs
DxSale Liquidity Drain Hits 1,400 BNB Chain Pools for $7.3M
James Wynn Accused of $WORLD Rug Pull for 3.2 SOL
Polymarket MicroStrategy Dispute Sparks $500K Loss Claim
Alephium Bridge Exploited for $815K via Forged VAAs
DxSale Liquidity Drain Hits 1,400 BNB Chain Pools for $7.3M
James Wynn Accused of $WORLD Rug Pull for 3.2 SOL
