A hacker exploited a critical oversight during the SUPERFORTUNE (GUA) airdrop process, seizing nearly $15 million worth of tokens and triggering a severe crash in GUA’s price. The development unfolded as the project’s team attempted to deploy tokens into a contract designed for the airdrop’s payout mechanism. Instead, the tokens were mistakenly rerouted to an attacker’s wallet address deliberately crafted to mimic the legitimate multisig address–sharing the same first and last four characters.
This subtle but deceptive substitution went unnoticed until the attacker swiftly liquidated 14.98 million GUA tokens. The dump punched the GUA market hard, sending the token’s price down by more than 75% in a sharp sell-off that rattled traders and investors alike. Liquidation of such a sizeable volume in a compressed timeframe drained liquidity and wiped out much of the token’s market confidence.
The team accounted for the breach, attributing the failure to a compromised multisig transaction process where the recipient address was swapped with a look-alike. It appears the verification protocols for multisig signatories and destination wallets did not identify the fraudulent address, exposing a glaring vulnerability in the project’s distribution workflow.
Market participants are now scrutinizing SUPERFORTUNE’s security governance and multisig controls. With an exploit of this scale, questions arise about the team’s operational security, internal checks, and audit rigor. The incident throws into stark relief the risk of “typo-squatting” or address ambiguity attacks, which continue to be a significant threat vector in DeFi and token launches.
GUA’s tokenomics face immediate pressure as locked tokens intended for community distribution vanished into attacker control. The consequent sell-off not only reduces circulating supply held by loyalists but also erodes trust necessary for recovery and long-term utility. Exchanges listing GUA have seen volume spike sharply as the token’s volatility surges post-incident.
Looking ahead, traders should monitor official updates from SUPERFORTUNE’s developers regarding stolen token recovery or burn plans, potential recompense mechanisms, or contractual patching. The project’s ability to contain fallout and shore up multisig and smart contract security will shape GUA’s next directional moves. A fortified wallet verification system and transparent incident handling could help stabilize the shaken market sentiment.
For now, risk remains elevated. The $15 million loss highlights the importance of meticulous multisig protocols and address validation in token distribution strategies. The GUA crash serves as a cautionary tale for all projects relying on complex on-chain executions in adversarial environments. Watch for scheduled developer communications and any forensic reports clarifying if additional funds are at risk or recovery options exist.
Hacker Swipes $15M from SUPERFORTUNE’s GUA Airdrop, Token Tanks 75%
A hacker intercepted a $15 million airdrop from the SUPERFORTUNE (GUA) project by substituting the multisig transaction address. The hacker sold nearly 15 million GUA tokens, causing the token price to drop over 75%.