On May 27, 2026, SUPERFORTUNE / SUPERFORTUNE AI, incubated by Manta Network, suddenly announced that its GUA token had encountered a security incident during an otherwise routine fund transfer. According to the project team, they were preparing to send a portion of the extra unlocked GUA to the designated airdrop receiving contract for subsequent distribution, but in the end, the tokens did not enter the contract and were instead transferred to a wallet that had never interacted with the project before, which was later deemed by the officials to be a "hacker address." The project announcement stated that preliminary investigations pointed to a “target address being tampered with” during a multi-signature transaction, suggesting a targeted attack on the multi-signature process. However, the community quickly seized the gap in the narrative: if this was a common case of "address poisoning" or a similar tactic, why was there no historical interaction record of the address involved with the project? This combination of “address tampering” and “non-interactive hacker address” led many token holders to begin questioning whether the details of the incident had been fully disclosed. After the news broke, GUA rapidly experienced severe fluctuations in the secondary market, with sentiments shifting from shock to panic, and inquiries regarding the cause of the incident, liability, and asset whereabouts quickly escalated. This narrative conflict surrounding the multi-signature incident suddenly put the fund management mechanism, originally viewed as a safety line, in the public judgment seat.
Multi-signature transfer veered off: Chips intended for airdrop were sent away
According to the project team, this incident was originally just a routine fund operation: the team planned to transfer a portion of the unlocked GUA from a wallet controlled by the project to the airdrop receiving contract for future community distributions. The process was placed under multi-signature wallet control, meaning that this transaction needed confirmation from multiple signers before being executed on-chain, intended to minimize the risk of a "slip of hand" through multi-signatures.
However, what actually occurred on-chain completely deviated from expectations. The project team announced that this multi-signature transaction, marked for airdrop preparation, did not send the GUA into the designated airdrop receiving contract but instead went directly into a wallet that had no previous interaction record with SUPERFORTUNE. The team subsequently identified this address as a hacker-controlled address and suggested in their preliminary investigation that “the target address in the multi-signature transaction was tampered with.” Because this occurred under multi-signature protection and pointed to an unknown address that had “completely blank” historical interaction records with the project, this transfer deviation seemed particularly unusual, forcing the multi-signature setup, initially viewed as a safety valve, into the central position of the incident narrative.
Did multi-signature fail to block the tampering? Security promises challenged
In the narratives of most crypto projects, multi-signature wallets are almost equivalent to "secure vaults": for a transaction to be executed, it must be confirmed by multiple signers, with the design goal being to disperse the risk from “a single private key being stolen” to the very small probability event of “multiple individuals failing at the same time.” By standard practice, participants in multi-signatures would manually verify the target address multiple times to avoid even a single digit being miswritten, thus it is fundamentally at odds with industry expectations for multi-signatures to directly send large assets into an unknown address that had no prior interaction records with the project.
Also because of this, the statement given by the project team during preliminary investigations—“the target address in a multi-signature transaction was tampered with”—becomes particularly striking. If it is indeed as stated in the announcement, it would mean that there was a noticeable lapse in address verification at least at one link in the chain from initiation to signing, and it may have even fallen prey to a new type of attack technique. There have been past instances in the industry of "address poisoning" and "imitation similar addresses," subtly guiding users to transfer funds to incorrect addresses, but in this incident, the project team has yet to disclose the hash of the transaction, the complete signature process, and the details of the operating interface. The outside world cannot confirm what addresses the multi-signature participants actually saw, nor can they determine whether the so-called “address tampering” happened on-chain or off-chain. Before more on-chain evidence is disclosed, whether this multi-signature accident is a precise attack or a basic error can only remain a matter of hypothesis.
Address poisoning doesn’t add up? Community starts to question the script
For many old users, the so-called “address poisoning” has a fixed paradigm: the attacker first sends a small amount to the target wallet, creating a “very similar address with recent interaction records,” enabling the other party to accidentally click the wrong one in historical records or the address book. But this time, the project team stressed that the hacker address involved had never interacted with any SUPERFORTUNE related address before the incident occurred. This means that the multi-signature signers could not have seen that string of addresses in the wallet’s transaction history, nor was there any psychological prompt of “having just sent money to this address recently.” The logic of using conventional poisoning methods to “sneak in” to the multi-signature payment section seems far-fetched, leading the community to further question: if this is not typical poisoning, how did that unknown address initially appear in the multi-signature transaction?
The doubts do not stop there. As of now, the outside world still cannot see specific details of the stolen amount, address details, and the complete transaction path; not even the hash of that key multi-signature transaction has been disclosed. The project team has only provided a principle statement of “under investigation and will continue to update the community,” yet they have failed to present any technical review or on-chain evidence to fill in the narrative gaps. In the emotional climate of GUA's price fluctuations, this lack of information quickly amplified the panic: some began to suspect whether there was a particularly gross operational error, while others further speculated whether it might be due to internal procedural negligence or even more complex liability issues, and whether the official story could stand up to scrutiny is gradually becoming a central variable affecting trust.
Price shock and trust erosion: GUA investors under pressure
According to AiCoin data, after the incident was confirmed, GUA quickly entered a high-frequency fluctuation interval in the secondary market. The K-line that was being pulled in short order directly pushed the holders who originally entered the market with “airdrop expectations” and “ecosystem narratives” into panic mode. For many, the portion that was originally intended for the airdrop receiving contract and perceived as the “closest to the community” chips, suddenly being declared misrouted to a hacker's address means that what they had bet on was not just simple price fluctuations but a part of the future that was supposed to be open to the community being paused.
For an early project incubated by Manta Network, such security incidents are almost immediately magnified into questions about the team's professionalism and risk control systems: multi-signatures should have been a “robust configuration,” yet now there were claims of a target address being tampered with during the most critical airdrop distribution phase, while the project team has yet to release the specific amount stolen, the transaction hash in question, and the complete flow of funds, making it difficult for the external parties to estimate the upper limit of potential losses or gauge the rates of possible recovery or compensation. In the short term, this inability to quantify risk is squeezing the trust space of GUA holders along with the severe fluctuations in the market, and whether the project can provide clear boundaries of loss and repair pathways is becoming a key variable in determining whether sentiment can stabilize.
Investigation incomplete: How multi-signature projects can rebuild trust
As the project team continues to respond with “under investigation and will continue to update,” while crucial transaction hashes, the scale of theft, and the whereabouts of the funds remain vacant, all external judgments can only remain at a cautious hypothetical level, with no one able to give definitive conclusions on risk exposure and the likelihood of recovery. What really deserves close attention next is not just the price curve of the secondary market, but whether the project is willing and capable of publicly disclosing the complete transaction details, explaining the accountability for each link in the multi-signature execution chain, and based on this, putting forward a clear compensation framework for token holders and a verifiable risk control upgrade roadmap. It remains unconfirmed whether any assets have been recovered or if any concrete compensation plans have been formed, and if these issues remain unresolved, any promises of “security enhancements” will struggle to translate into substantial trust. When viewed on a broader scale, every similar multi-signature error or attack will force other vault projects to review their signature processes and authority allocations, especially in terms of implementing improvements that have been repeatedly mentioned in the industry, such as enabling address whitelisting, strengthening offline verification by multiple parties, and highlighting risk warnings on the signing interface; only those who can translate lessons into visible operational norms on-chain will be qualified to talk about “security premiums” when the next round of uncertainty arrives.
Join our community to discuss and become stronger together!
On-chain Telegram community: https://t.me/AiCoinWhaleData
On-chain community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin On-chain Twitter: https://x.com/aicoinwhaledata
Exclusive Hyperliquid benefits from AiCoin: https://app.hyperliquid.xyz/join/AICOIN88
Exclusive Aster benefits from AiCoin: https://www.asterdex.com/zh-CN/referral/9C50e2
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
