[Superfortune: The Attack Involved Signer Private Key Leakage, Not Address Poisoning, and Was Not an Insider Act] Superfortune, incubated by Manta, released an update on the X platform regarding the recent security incident, stating that the attack was not carried out by insiders, nor was any team member involved. Claims about the team secretly selling tokens are incorrect. The team also has had no contact with Web3Port. The investigation confirmed that the attack was not due to address poisoning but rather the leakage of the signer’s private key. The attacker independently possessed the private key and submitted a transaction to a forged address 43 minutes after a legitimate transaction. The forged address had the same first and last four characters as the correct address (starting with 0x70AE and ending with 5C15) and was used to disguise itself in the Safe interface preview. The stolen funds are fully traceable and are currently stored in three cold wallets on Ethereum, totaling approximately 2,784 ETH. Additionally, around 170,000 USDT was transferred cross-chain.