SUPERFORTUNE is investigating a major GUA security incident after 14.981 million tokens were unlocked, transferred to a lookalike address and dumped onchain, triggering extreme volatility acr
SUPERFORTUNE is investigating a major GUA security incident after 14.981 million tokens were unlocked, transferred to a lookalike address and dumped onchain, triggering extreme volatility across the token’s market.
The GUA incident centers on a multisig transaction intended to release additional unlocked tokens into the project’s airdrop claim contract. The intended destination was 0x70ae7D3DECfB4C3aE996fb1c07092566F73D5c15, but the executed transaction sent the tokens to 0x70AE678b457C5E1b3fD7AD9537F234dFc1795C15, a separate address with the same first and last four characters.
The transferred 14.981 million GUA was valued at about $15.18 million before the selloff. The tokens were then swapped onchain into 2,784 ETH, worth roughly $5.66 million, and distributed across three wallets tracked by Arkham, address two and address three. GUA fell more than 70% in 24 hours, with market data showing heavy volume after the dump.
SUPERFORTUNE has not finalized the exploit path. The team initially referenced a suspected address-poisoning attack, but later said that vector appears unlikely because the hacker address had no prior interaction with SUPERFORTUNE-linked addresses and internal procedures already include multiple address-matching checks. Authorities and incident response teams have been contacted.
The incident exposes a sensitive weakness in token operations: unlock transactions often move large amounts of supply at once, and a single address-selection failure can turn a routine claim-contract refill into a market-moving exploit.
GUA’s case is especially sharp because the transfer did not target a small hot wallet. It involved unlocked supply intended for airdrop claims, which meant the attacker-controlled address received enough liquidity to collapse the market when sold. The damage was not only the transferred value. The dump hit token holders directly by crushing spot liquidity and forcing the market to reprice confidence in the project’s controls.
Recent DeFi incidents have exposed the same operational pressure points from several angles. An abnormal vsdCRV mint on Arbitrum put cross-chain supply controls under scrutiny, while the SKP attack on BNB Chain showed how fast automated execution can spill into real market losses. Smart contract teams are also facing a tougher review environment as AI-assisted vulnerability discovery makes DeFi harder to defend, raising the standard for multisig checks, token unlock procedures and operational security.
For GUA holders, the next signals are wallet movement, any frozen or recovered ETH, a full transaction postmortem, changes to multisig procedures and a clear plan for airdrop users affected by the failed unlock. Until then, the token remains exposed to thin liquidity, shaken confidence and further volatility from the attacker wallets.
The post SUPERFORTUNE Investigates GUA Hack After $15M Unlock Is Dumped Onchain appeared first on Crypto Adventure.
