Superfortune: The leakage of the attacker's private key rather than address poisoning is not the work of an insider

By: rootdata|2026/05/29 20:45:01
0
Share
copy

Superfortune, incubated by Manta, recently released an update on the X platform regarding a security incident, stating that the attack was not carried out by internal personnel and that no team members were involved. The claim about the team secretly selling tokens is incorrect. The team has also not had any contact with Web3Port.

The investigation confirmed that the attack was not due to address poisoning, but rather a leak of the signer's private key. The attacker independently held the private key and submitted a transaction with a forged address 43 minutes after the correct transaction. The forged address shares the first and last four characters with the correct address (starting with 0x70AE and ending with 5C15) to disguise itself in the Safe interface preview. The stolen funds are fully traceable and are currently stored in three cold wallets on Ethereum, containing approximately 2784 ETH, along with about 170,000 USDT that were cross-chain transferred out.

The attacker also created a large number of counterfeit addresses and sent false transfer events to these addresses using Unicode-forged token symbols in an attempt to confuse tracking. This counterfeit address construction technique is the same as the method used when attacking this project. The attacker had pre-built a large-scale infrastructure, indicating that this was an industrialized operation rather than an opportunistic attack.

-- Price

--

You may also like

Morning News | SK Hynix officially launches the marketing promotion process for its U.S. stock listing; the Central Cyberspace Administration announces the results of the first phase of rectifying AI application chaos, with over 14,000 non-compliant pr...

July 6 Market Important Events Overview

How has Binance's stock business performed in the 30 days since its launch?

Emerging market buying supported the first wave of demand.

Blockchain Capital Partner: AI is rewriting the fundamental unit of labor

The rise of AI is rewriting the basic unit of labor from "positions" and "companies" to "tasks." When programmable labor meets programmable currency, a production line without companies, salary systems, or HR becomes possible for the first time.

Can Open USD support Stripe's ambitions?

Stripe collaborates with multiple parties to launch OUSD, not only challenging the dominance of USDC but also exposing its trillion-dollar ambition to transition from a "payment interface" to a "next-generation funds settlement network."

Founder of Baixing.com: I believe half of the statement that large language models devour everything

The internet has been shouting for so many years about devouring everything. Has it really devoured everything now? Is it the internet that devours everything, or is it the large models that devour everything? Both are devouring, and nothing is left?

A "legal" robbery? Attackers emptied the BonkDAO treasury by buying tickets

Handing over the keys to the vault to a public vote where "anyone can spend money to participate," without sufficient oversight mechanisms, even the most legitimate governance ideals may turn into the most convenient tools for attackers.

Contents

Popular coins

Latest Crypto News

Read more
iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com