A Robinhood co-founder's cryptocurrency wallet recovery phrase was exposed during a livestream, sending the '$1' memecoin's market value up 28-fold in just two hours before it plunged. Analysts say an attacker exploited a celebrity wallet to draw copycat buying by investors, exposing vulnerabilities in copy trading in the cryptocurrency market.
Cryptopolitan, a blockchain media outlet, reported on Sunday that the '$1' token jumped in market value to $14 million from about $500,000 before falling again. During the surge, two-hour trading volume exceeded $20 million.
The incident began not with a hack but with an accidental exposure of a recovery phrase, or mnemonic seed. Michael, chief business officer at TokenPocket, explained on X that it was an exposure incident, not a hack.
He said the Robinhood co-founder's self-custody wallet recovery phrase was accidentally revealed during the livestream, allowing an attacker who saw it to access a wallet holding about $1.5 million in assets. After taking control of the wallet, the attacker bought large amounts of the '$1' token.
Market participants mistook it for an investment by the co-founder, and the price surged as thousands of investors copied the trades. The '$1' token's market value jumped about 28-fold, and Bitget classified the incident as a typical pump-and-dump case.
Michael said the attacker used the stolen wallet to take two actions. First, the attacker bought the '$1' token to induce copycat buying by the crowd. The attacker then moved funds to another blockchain, issued a new cryptocurrency and even attempted wash trading. He said the attackers later moved to BNB Chain, inflated volume to make trading appear active and then began cashing out.
Follow-up steps were also taken. Robinhood's remote procedure call service blocked the hacked wallet, and nodes using that RPC were ordered not to process transactions from the wallet. That prevented further outflows, but trades conducted on decentralised exchanges before the block could not be reversed. Losses by investors who bought '$1' during the surge were also not recovered.
The incident did not have any significant impact on prices of major cryptocurrencies such as bitcoin or ether. Still, the market viewed it as showing how risky a copy-trading culture can be when people follow large-wallet transactions without verification.
The attacker used the credibility of a well-known wallet to stoke investor sentiment, lifted the price by exploiting a structure in which the crowd followed without checking, and then moved to another chain. Analysts say the process showed a typical market manipulation method combining wash trading and pump-and-dump tactics.
The incident also highlighted again the importance of security for self-custody wallets. Robinhood warns that a recovery phrase is the only information that can restore a non-custodial crypto wallet, and sharing it with others is effectively the same as handing over control of the assets in the wallet.
Industry participants said extra caution is needed because exposing a recovery phrase in a public setting such as a livestream or screen sharing can lead to unexpected, large-scale damage.