News linked to both this project and an event.
SUPERFORTUNE AI released a 24-hour investigation update stating that the May 27 GUA security incident was not, as previously suspected, address poisoning—but rather resulted from the leakage of private keys belonging to multi-signature signers. The attacker then forged valid signatures pointing to a malicious address and exploited the “premium address” feature—where the malicious address shared the same first four and last four characters as the legitimate address—to mislead the remaining signers into completing the signing process via the Safe interface.
SUPERFORTUNE AI posted on X platform, stating that the team is investigating a GUA security incident that occurred on May 27. The incident led to drastic price fluctuations in the token. Preliminary investigations suggest the incident may involve address tampering during a multi-signature transaction.The announcement states that the original plan was to send additionally unlocked tokens to the airdrop claim contract address. However, during execution, the funds were mistakenly sent to a different hacker address. The team noted that this hacker address had never interacted with any SUPERFORTUNE-related addresses before, making an "address poisoning attack" less likely as the attack vector.Furthermore, SUPERFORTUNE stated that its internal processes include a multi-layered address verification mechanism. The team is continuing its investigation into the incident and will update the community on the latest developments subsequently.