SUPERFORTUNE is investigating a major GUA security incident after 14.981 million tokens were unlocked, transferred to a lookalike address and dumped onchain, triggering extreme volatility across the token’s market.
The GUA incident centers on a multisig transaction intended to release additional unlocked tokens into the project’s airdrop claim contract. The intended destination was 0x70ae7D3DECfB4C3aE996fb1c07092566F73D5c15, but the executed transaction sent the tokens to 0x70AE678b457C5E1b3fD7AD9537F234dFc1795C15, a separate address with the same first and last four characters.
The transferred 14.981 million GUA was valued at about $15.18 million before the selloff. The tokens were then swapped onchain into 2,784 ETH, worth roughly $5.66 million, and distributed across three wallets tracked by Arkham, address two and address three. GUA fell more than 70% in 24 hours, with market data showing heavy volume after the dump.
SUPERFORTUNE has not finalized the exploit path. The team initially referenced a suspected address-poisoning attack, but later said that vector appears unlikely because the hacker address had no prior interaction with SUPERFORTUNE-linked addresses and internal procedures already include multiple address-matching checks. Authorities and incident response teams have been contacted.
Lookalike Address Risk Hits Token Unlock Controls
The incident exposes a sensitive weakness in token operations: unlock transactions often move large amounts of supply at once, and a single address-selection failure can turn a routine claim-contract refill into a market-moving exploit.
GUA’s case is especially sharp because the transfer did not target a small hot wallet. It involved unlocked supply intended for airdrop claims, which meant the attacker-controlled address received enough liquidity to collapse the market when sold. The damage was not only the transferred value. The dump hit token holders directly by crushing spot liquidity and forcing the market to reprice confidence in the project’s controls.
The broader security backdrop is already tense. CryptoAdventure recently covered an abnormal vsdCRV mint on Arbitrum and the separate SKP attack on BNB Chain, both of which showed how quickly automated execution paths can create market damage. OpenZeppelin co-founder Manuel Aráoz also warned that AI is making DeFi harder to defend, adding more pressure on teams managing smart contracts, multisigs and operational security.
For GUA holders, the next signals are wallet movement, any frozen or recovered ETH, a full transaction postmortem, changes to multisig procedures and a clear plan for airdrop users affected by the failed unlock. Until then, the token remains exposed to thin liquidity, shaken confidence and further volatility from the attacker wallets.
Be the first to comment