{"id":97625,"date":"2026-05-28T16:33:35","date_gmt":"2026-05-28T13:33:35","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=97625"},"modified":"2026-05-28T16:35:25","modified_gmt":"2026-05-28T13:35:25","slug":"hacker-seizes-15-million-gua-airdrop","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hacker-seizes-15-million-gua-airdrop\/","title":{"rendered":"Hacker Seizes $15 Million GUA Airdrop"},"content":{"rendered":"<p>The SUPERFORTUNE project team reported a security breach in which an attacker withdrew 14.98 million GUA tokens (approximately $15 million at the time of the transaction).<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are investigating a security incident that occurred for the token, <a href=\"https:\/\/x.com\/search?q=%24GUA&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$GUA<\/a>, through a suspected address poisoning attack on May 27, 2026, which has caused significant volatility on the token. <\/p>\n<p>Initial findings indicate an address manipulation through a multisig transaction\u2026<\/p>\n<p>\u2014 SUPERFORTUNE AI (@SUPERFORTUNE888) <a href=\"https:\/\/x.com\/SUPERFORTUNE888\/status\/2059818459421372485?ref_src=twsrc%5Etfw\">May 28, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.x.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to the report, the incident occurred on May 27. The project team explained the situation as an address substitution in a <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-multisignature-what-is-a-ring-signature\">multisig<\/a> transaction. Developers intended to send tokens to a contract for <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-cryptocurrency-airdrop\">airdrop<\/a> payouts. However, the funds were diverted to the hacker&#8217;s wallet, which matched the original in the first and last four characters.<\/p>\n<p>Analysts at EmberCN confirmed that the stolen assets were quickly liquidated. The mass sale of tokens led to a drop in GUA prices by more than 75%.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"zh\" dir=\"ltr\">9 \u5c0f\u65f6\u524d\uff0c1498.1 \u4e07\u679a <a href=\"https:\/\/x.com\/search?q=%24GUA&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$GUA<\/a> (\u5f53\u65f6\u4ef7\u503c $1518 \u4e07) \u88ab\u4ece\u89e3\u9501\u5408\u7ea6\u89e3\u9501\u8f6c\u51fa\u3002\u7136\u540e\u5728\u94fe\u4e0a\u88ab\u5168\u90e8\u629b\u552e\uff0c\u5bfc\u81f4 <a href=\"https:\/\/x.com\/search?q=%24GUA&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$GUA<\/a> \u6025\u5267\u66b4\u8dcc 75%\u3002<\/p>\n<p>\u8fd9\u4e9b <a href=\"https:\/\/x.com\/search?q=%24GUA&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$GUA<\/a> \u6700\u7ec8\u662f\u88ab\u6362\u6210\u4e86 2,784 \u679a ETH ( $566 \u4e07)\u5b58\u653e\u5728\u4e0b\u5217 3 \u4e2a\u94b1\u5305\uff1a<a href=\"https:\/\/t.co\/lhXdqFy3jg\">https:\/\/t.co\/lhXdqFy3jg<\/a><a href=\"https:\/\/t.co\/aZHNYdraEs\">https:\/\/t.co\/aZHNYdraEs<\/a><a href=\"https:\/\/t.co\/7i0Uwozw0M\">https:\/\/t.co\/7i0Uwozw0M<\/a><\/p>\n<p>\u6309\u9879\u76ee\u65b9\u7684\u8bf4\u6cd5\u662f\u8fd9\u7b14\u2026 <a href=\"https:\/\/t.co\/1qLi0LhAJd\">https:\/\/t.co\/1qLi0LhAJd<\/a> <a href=\"https:\/\/t.co\/rjPjF6FTmv\">pic.twitter.com\/rjPjF6FTmv<\/a><\/p>\n<p>\u2014 \u4f59\u70ec (@EmberCN) <a href=\"https:\/\/x.com\/EmberCN\/status\/2059841699246137670?ref_src=twsrc%5Etfw\">May 28, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.x.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The attacker allegedly converted the assets into 2,784 ETH (about $5.66 million) and distributed the funds across three new addresses.<\/p>\n<p>Initially, it was suspected that the project fell victim to an &#8220;address poisoning&#8221; attack. However, during a subsequent investigation, the SUPERFORTUNE team deemed this scenario unlikely.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cThe hacker&#8217;s address had not previously interacted with the project&#8217;s infrastructure. Additionally, our internal procedures include multiple stages of credential verification before signing multisig transactions,\u201d project representatives stated.<\/em><\/p>\n<\/blockquote>\n<p>The SUPERFORTUNE team has involved law enforcement and cybersecurity experts to analyze the causes of the incident and trace the movement of the stolen funds.<\/p>\n<p>Back on May 22, Polymarket <a href=\"https:\/\/forklog.com\/en\/news\/polymarket-confirms-private-key-compromise\">confirmed<\/a> a private key compromise, resulting in approximately $700,000 in damages.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The SUPERFORTUNE project team reported a security breach in which an attacker withdrew 14.98 million GUA tokens (approximately $15 million at the time of the transaction).<\/p>\n","protected":false},"author":1,"featured_media":97626,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"The SUPERFORTUNE project team reported a security breach involving $15 million.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1158,44],"class_list":["post-97625","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-airdrops","tag-cybercrime"],"aioseo_notices":[],"amp_enabled":true,"views":"4","promo_type":"1","layout_type":"1","short_excerpt":"The SUPERFORTUNE project team reported a security breach involving $15 million.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97625","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=97625"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97625\/revisions"}],"predecessor-version":[{"id":97627,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97625\/revisions\/97627"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/97626"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=97625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=97625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=97625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}