Crypto scammers hacked Trump’s tweets via a bug
Pump and dump memecoin promoters were able to take over links posted to President Trump's account on Elon Musk's X.
Remember the time that Donald Trump posted a link on his @realDonaldTrump Twitter account about “Trump’s Meat” that featured a nude photo of himself?
No? Well, of course you don’t. It didn’t happen. But, then, how can you see this photo seemingly featuring President Trump, fully nude, getting a spray tan, in a tweet that Trump posted back in 2013?
That’s because President Donald Trump’s posts on X were hijacked last week after an exploit was discovered on the link shortener platform Bitly by crypto pump and dump scammers.
Hijack, pump, and dump
Over the course of a few hours, memecoin creators were able to “hack” old posts on Donald Trump’s X account via Bitly short URLs and insert their own links that sent users to their pump.fun page, where their newly created pump and dump tokens could be purchased.
Pump.fun is a crypto platform that lets anyone easily create a memecoin to buy and sell. Many memecoins created on the platform are pump and dump schemes where the creator and early-buying insiders sell off large quantities of the token for a profit as soon as regular users start to buy in.
For example, one tweet that Trump posted in April 2013 reads “Follow me on Instagram-.” The tweet once included a short link from Bitly that forwarded users to Trump’s Instagram. However, after the crypto scammers discovered the Bitly bug, they were able to take over Trump’s old Bitly link that went to his Instagram and instead directed users to their newly minted “DJT” memecoin listing on pump.fun.
The scheme appeared to work, as some crypto traders seemingly did not want to miss out on what could’ve been another one of Trump’s official cryptocurrencies like the $TRUMP and $MELANIA memecoins that launched the weekend of the Inauguration. The DJT token had a $1 million market cap with over $7 million in trade value at one point. Some DJT holders made off with as much as six figures in profit after selling before the token was dumped.
Bitly has since fixed the issue and killed the hijacked short URL links entirely.
“This link or QR Code has been deactivated,” reads a Bitly error page that Trump’s old Instagram Bitly link now forwards to since the flaw was patched.
Elon Musk’s X still displays the memecoin social media preview image in the tweets as seen here: https://x.com/realDonaldTrump/status/321663611766452224
While the crypto schemers did not have access to Trump’s actual X account, they quickly discovered that they could hijack links to a number of President Trump’s old posts that had included Bitly links.
“My thoughts on the @hannityshow and my appearance at The Tea Party this weekend....” read the aforementioned 2013 Trump post that now included a link to a memecoin called “Trump’s Meat.”
The social media preview image features a picture from a 2017 photoshoot spoof with a buck-naked Trump impersonator. The preview image can still be seen on Trump’s post on X: https://x.com/realDonaldTrump/status/58919218913099776
At least one Bitly link in an old 2013 post from Melania Trump’s official account was also hijacked.
How did this happen?
When a user creates a short link on Bitly, it usually looks like this: “bit.ly/” followed by a randomized string of numbers and letters created by the service. However, users can also choose to customize the back-half that comes after the slash.
If a custom back-half of a Bitly link is already in use, Bitly will let users know that it’s already taken.
However, it appears that there was a bug in Bitly that allowed users to create a custom back-half that was previously in use if the original link or Bitly account that created the link was deleted or deactivated.
Using this method, memecoin creators were able to promote their own pump and dump schemes in Trump posts that were originally published before Dogecoin, the first ever memecoin, was even created.
As previously mentioned, Bitly has since fixed the bug and removed the redirects that were hijacked.
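The reuse flaw described above, modeled as an added example (not Bitly's code and not from the original article): a toy registry where deleting an account either frees its custom back-halves or retires them permanently. The class, owner names, slug and URLs are constructed for illustration.

```python
from dataclasses import dataclass, field


class SlugUnavailable(Exception):
    """The requested custom back-half cannot be claimed."""


@dataclass
class ShortLinkRegistry:
    retire_on_delete: bool  # False: deleted slugs are freed; True: retired for good
    active: dict = field(default_factory=dict)  # slug -> (owner, destination)
    retired: set = field(default_factory=set)   # slugs that are never reissued

    def claim(self, owner, slug, destination):
        # A slug is unavailable if it is live now OR was ever retired.
        if slug in self.active or slug in self.retired:
            raise SlugUnavailable(slug)
        self.active[slug] = (owner, destination)

    def delete_account(self, owner):
        # Deactivating an account takes all of its links offline.
        for slug in [s for s, (o, _) in self.active.items() if o == owner]:
            del self.active[slug]
            if self.retire_on_delete:
                self.retired.add(slug)  # tombstone: old posts still embed this slug

    def resolve(self, slug):
        # None models a "link deactivated" page.
        entry = self.active.get(slug)
        return entry[1] if entry else None


def replay(retire_on_delete):
    """Original owner leaves, then a second party requests the same back-half."""
    reg = ShortLinkRegistry(retire_on_delete)
    reg.claim("original-owner", "example-slug", "https://original.example/profile")
    reg.delete_account("original-owner")
    try:
        reg.claim("second-party", "example-slug", "https://other.example/landing")
    except SlugUnavailable:
        pass  # hardened registry refuses to reissue the slug
    return reg.resolve("example-slug")


if __name__ == "__main__":
    print("slug freed on delete   ->", replay(False))
    print("slug retired on delete ->", replay(True))
```

With slugs freed on delete, every old post that embeds the short link silently follows the new owner's destination; with tombstoning, the link stays dead.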
While Trump and his team do not appear to be responsible for the security flaw, it’s clear that bad actors are looking to piggyback off of his legitimization of the memecoin space, which is rife with scams and illicit activity, in order to profit – just like Trump is.
How did they meme a meme coin? I guess we're well and fully past irony and camp
Sharing the link to this article almost got my account suspended on Flakebook due to the violation against "nude images or sexual activity", which I’m assuming they mean the inclusion of the image with the body double because it shows his peen. I got warned and the post was removed, but they will use anything as an excuse to censor the opposition. I’m rolling my eyes at Meta. Not subtle. Funny, but censorship is serious