Audit log

Every state-changing event for Superfortune AI (GUA): moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-06-04 17:19:28Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 424,287,436

   sig

   3aVWA5iLqm3W…iFWoaLFBcopyexplorer ↗

   hash

   FMGoiJmsiSu5…NTzMTzhwcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (15982 B) ▸

   {"actor":"system:backfill","investigation_id":"2edf9864-5d29-4369-a057-c13934ef5eb4","kind":"publish","page_slug":"superfortune-ai-gua","published_at":"2026-06-04T17:19:27.968Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Superfortune AI (GUA)","sections":[{"content":"On May 27, 2026, Superfortune AI suffered its most significant security event when approximately 14.98 million GUA tokens were redirected from an intended airdrop distribution to an address believed to be controlled by an attacker. The legitimate destination address was 0x70ae7D3DECfB4C3aE996fb1c07092566F73D5c15; the tokens were instead routed to a visually similar lookalike address, 0x70AE678b457C5E1b3fD7AD9537F234dFc1795C15, during a multisignature transaction. The transfer occurred on both Ethereum and Binance Smart Chain. The attacker subsequently dumped the tokens on-chain over approximately nine hours, receiving roughly 2,784 ETH (approximately $5.66 million in net proceeds at prevailing prices), while the total value of the diverted tokens at the time of transfer was estimated at approximately $15.18 million by the Cryip May 2026 hacks report. The incident was the single largest loss event across all tracked crypto exploits in May 2026.","heading":"Security Incident — Airdrop Address Redirection (May 27, 2026)","severity":"critical","sources":[{"credibility":2,"name":"Halborn: Explained — The Superfortune AI Hack, May 2026","type":"research","url":"https://www.halborn.com/blog/post/explained-the-superfortune-ai-hack-may-2026"},{"credibility":2,"name":"Cryip: May 2026 Crypto Hacks Report — $84.2 Million Lost Across 41 Incidents","type":"research","url":"https://cryip.co/may-2026-crypto-hacks-report-84-2-million-lost-across-41-incidents/"},{"credibility":2,"name":"CoinInsider: Superfortune Probes GUA Address-Tampering Claim","type":"news_article","url":"https://www.coininsider.com/news/superfortune-probes-gua-address-tampering-claim/"}]},{"content":"The attack vector does not conform to a classic address poisoning pattern, which would require the attacker's address to have prior transaction history with the victim's wallets. According to Halborn's analysis, the attacker's address had no prior interaction with any Superfortune-related wallet, which makes standard address poisoning an unlikely explanation. Potential causes identified by researchers include compromised tooling, an operational error during multisig execution, or a broader vulnerability in the project's multisig workflow. Separately, Superfortune's own team stated that the attack was caused by the signer's private key being leaked — effectively a private key compromise on both Ethereum and BNB Chain — and denied that the incident constituted an insider job. As of the date of this writing, the team had not released a formal post-mortem confirming the definitive root cause, and the investigation was described as ongoing.","heading":"Root Cause Analysis — Disputed Attribution","severity":"critical","sources":[{"credibility":2,"name":"Halborn: Explained — The Superfortune AI Hack, May 2026","type":"research","url":"https://www.halborn.com/blog/post/explained-the-superfortune-ai-hack-may-2026"},{"credibility":2,"name":"CoinInsider: Superfortune Probes GUA Address-Tampering Claim","type":"news_article","url":"https://www.coininsider.com/news/superfortune-probes-gua-address-tampering-claim/"},{"credibility":3,"name":"SUPERFORTUNE AI on X — Official incident disclosure, May 27 2026","type":"social_media","url":"https://x.com/SUPERFORTUNE888/status/2059818459421372485"}]},{"content":"Security researchers and community observers have alleged that the multisig ownership chain raises structural concerns that elevate the possibility of an insider-facilitated incident. Halborn noted that the project's multisig protections and multiple address-verification controls failed to prevent the transfer despite being specifically designed to guard against this class of error. The combination of factors — the attacker address having no prior on-chain history with the project, the failure of layered verification controls, the fact that valid multisig signers approved the transaction, and the speed of the subsequent token dump — led some community members and analysts to allege the incident may have involved insider access rather than an external compromise. The Superfortune team publicly denied any insider involvement, attributing the event to a leaked signer private key. These competing characterizations remain unresolved, and no independent forensic investigation report had been publicly released as of June 2026.","heading":"Insider-Job Suspicions and Multisig Ownership Concerns","severity":"high","sources":[{"credibility":2,"name":"Halborn: Explained — The Superfortune AI Hack, May 2026","type":"research","url":"https://www.halborn.com/blog/post/explained-the-superfortune-ai-hack-may-2026"},{"credibility":2,"name":"CoinInsider: Superfortune Probes GUA Address-Tampering Claim","type":"news_article","url":"https://www.coininsider.com/news/superfortune-probes-gua-address-tampering-claim/"}]},{"content":"GUA experienced a decline of approximately 75.8% within 24 hours of the incident, reaching $0.3044 according to CoinGecko data cited by PANews. This represents one of the sharpest single-day declines in the token's history since its November 2025 launch. The attacker sold approximately 14.98 million tokens over roughly nine hours, consistent with a sustained market sell-off rather than a single block liquidation. As of early June 2026, GUA was trading at approximately $0.78 with a market capitalization of approximately $34.6 million, roughly 53% below its all-time high of $1.67, reflecting that the token had partially recovered from the post-incident low but had not returned to pre-incident price levels. The fully diluted valuation (FDV) at current prices remains approximately $769 million based on a 1 billion total supply.","heading":"Market Impact and Token Price Decline","severity":"high","sources":[{"credibility":2,"name":"PANews: Manta's co-founder stated they are investigating the Superfortune security incident; GUA tokens have fallen nearly 76% in the past 24 hours","type":"news_article","url":"https://www.panewslab.com/en/articles/019e6c32-dc2c-75cd-91b9-16b7c9d61cbb"},{"credibility":2,"name":"CoinGecko: Superfortune Price — GUA/USD Live Price Chart","type":"on_chain","url":"https://www.coingecko.com/en/coins/superfortune"},{"credibility":2,"name":"Cryip: May 2026 Crypto Hacks Report","type":"research","url":"https://cryip.co/may-2026-crypto-hacks-report-84-2-million-lost-across-41-incidents/"}]},{"content":"Following the incident, Kenny Li, a co-founder of Manta Network and the primary public figure associated with the Superfortune incubation, posted in the community that a security incident had occurred and that 'recent token unlocks were hijacked,' adding that the team was 'currently investigating the matter' and would 'continue to update the community on the latest developments.' The Superfortune project itself disclosed on its official X account that it was 'investigating a security incident' involving 'a suspected address poisoning attack' with 'address manipulation through a multisig transaction.' CoinInsider reported that early internal review suggested 'possible address manipulation in the multisig flow rather than a confirmed exploit' in the GUA token contract itself. The token contract was described as intact. As of June 2026, no formal remediation plan, compensation mechanism, or confirmed attacker identification had been publicly announced.","heading":"Team Response and Manta Network Connection","severity":"high","sources":[{"credibility":2,"name":"PANews: Manta's co-founder stated they are investigating the Superfortune security incident","type":"news_article","url":"https://www.panewslab.com/en/articles/019e6c32-dc2c-75cd-91b9-16b7c9d61cbb"},{"credibility":3,"name":"SUPERFORTUNE AI on X — Official incident disclosure","type":"social_media","url":"https://x.com/SUPERFORTUNE888/status/2059818459421372485"},{"credibility":2,"name":"CoinInsider: Superfortune Probes GUA Address-Tampering Claim","type":"news_article","url":"https://www.coininsider.com/news/superfortune-probes-gua-address-tampering-claim/"}]},{"content":"Superfortune AI describes itself as the first decentralized application on BNB Chain to combine AI with Chinese metaphysical systems, including Bazi (Four Pillars of Destiny) and I Ching divination, targeting what the project characterizes as a $392 billion global metaphysics market. The project was incubated by Manta Labs, the development entity behind Manta Network. GUA launched its Token Generation Event on November 27, 2025, with initial liquidity deployed directly on PancakeSwap. The total token supply is capped at 1 billion GUA, with approximately 4.5% (45 million tokens) circulating at TGE. The project was also listed on Binance Alpha at launch, giving it early exchange visibility. The platform offers fortune readings, crypto token analysis, and a referral reward system denominated in Fortune Points.","heading":"Project Background and Tokenomics","severity":"low","sources":[{"credibility":3,"name":"BingX: What Is Superfortune (GUA) AI Metaphysics Crypto and How Does It Work?","type":"other","url":"https://bingx.com/en/learn/article/what-is-superfortune-gua-token-how-does-it-work"},{"credibility":3,"name":"CoinFomania: Binance Alpha Lists SUPERFORTUNE (GUA) and Launches Tiered Airdrop","type":"news_article","url":"https://coinfomania.com/binance-alpha-lists-superfortune-gua-airdrop-launch/"},{"credibility":2,"name":"BeInCrypto: Superfortune Launches AI-powered Mobile App","type":"news_article","url":"https://beincrypto.com/superfortune-ai-mobile-app-launch/"}]},{"content":"The Cryip May 2026 hacks report identified the Superfortune incident as part of a broader pattern in which 63% of that month's total crypto losses stemmed from infrastructure-layer attacks targeting governance mechanisms, bridge verification, and signer key management rather than smart contract code vulnerabilities. The report characterized the Superfortune case as an example of a governance trust vulnerability and cited it as evidence for the need for timelocks, hardware security modules for signer key management, and additional governance safeguards in similar protocols. The incident ranked as the largest single loss event across all 41 tracked incidents in May 2026, exceeding all other individual exploits for that month.","heading":"Broader Infrastructure Attack Context","severity":"medium","sources":[{"credibility":2,"name":"Cryip: May 2026 Crypto Hacks Report — $84.2 Million Lost Across 41 Incidents","type":"research","url":"https://cryip.co/may-2026-crypto-hacks-report-84-2-million-lost-across-41-incidents/"}]}],"sources_used":[{"credibility":2,"name":"Halborn: Explained — The Superfortune AI Hack, May 2026","type":"research","url":"https://www.halborn.com/blog/post/explained-the-superfortune-ai-hack-may-2026"},{"credibility":2,"name":"CoinInsider: Superfortune Probes GUA Address-Tampering Claim","type":"news_article","url":"https://www.coininsider.com/news/superfortune-probes-gua-address-tampering-claim/"},{"credibility":2,"name":"Cryip: May 2026 Crypto Hacks Report — $84.2 Million Lost Across 41 Incidents","type":"research","url":"https://cryip.co/may-2026-crypto-hacks-report-84-2-million-lost-across-41-incidents/"},{"credibility":2,"name":"PANews: Manta's co-founder stated they are investigating the Superfortune security incident; GUA tokens have fallen nearly 76% in the past 24 hours","type":"news_article","url":"https://www.panewslab.com/en/articles/019e6c32-dc2c-75cd-91b9-16b7c9d61cbb"},{"credibility":3,"name":"SUPERFORTUNE AI on X — Official incident disclosure, May 27 2026","type":"social_media","url":"https://x.com/SUPERFORTUNE888/status/2059818459421372485"},{"credibility":2,"name":"CoinGecko: Superfortune Price — GUA/USD Live Price Chart","type":"on_chain","url":"https://www.coingecko.com/en/coins/superfortune"},{"credibility":3,"name":"CoinFomania: Binance Alpha Lists SUPERFORTUNE (GUA) and Launches Tiered Airdrop","type":"news_article","url":"https://coinfomania.com/binance-alpha-lists-superfortune-gua-airdrop-launch/"},{"credibility":2,"name":"BeInCrypto: Superfortune Launches AI-powered Mobile App","type":"news_article","url":"https://beincrypto.com/superfortune-ai-mobile-app-launch/"},{"credibility":3,"name":"BingX: What Is Superfortune (GUA) AI Metaphysics Crypto and How Does It Work?","type":"other","url":"https://bingx.com/en/learn/article/what-is-superfortune-gua-token-how-does-it-work"},{"credibility":2,"name":"CoinMarketCap: SUPERFORTUNE (GUA) Price","type":"on_chain","url":"https://coinmarketcap.com/currencies/superfortune/"}],"summary":"Superfortune AI is an AI-powered InfoFi platform on BNB Chain, incubated by Manta Labs, that combines Chinese metaphysical traditions with crypto market analytics. Its native token GUA launched on November 27, 2025. On May 27, 2026, approximately 14.98 million GUA tokens intended for an airdrop distribution were redirected to a lookalike attacker-controlled address, resulting in losses of approximately $15.18 million and a roughly 76% token price crash within 24 hours. The root cause remains disputed: the team attributed the incident to a compromised signer private key, while the absence of prior on-chain interaction between the attacker and project wallets has raised unresolved questions about the multisig workflow.","timeline":[{"date":"2025-11-27","event":"GUA Token Generation Event (TGE): GUA token launched on BNB Chain with initial liquidity on PancakeSwap; simultaneously listed on Binance Alpha. Circulating supply approximately 45 million tokens (4.5% of 1 billion total supply).","source":"CoinFomania: Binance Alpha Lists SUPERFORTUNE (GUA) and Launches Tiered Airdrop","source_url":"https://coinfomania.com/binance-alpha-lists-superfortune-gua-airdrop-launch/"},{"date":"2026-05-27","event":"Security incident: approximately 14.98 million GUA tokens intended for an airdrop distribution were redirected during a multisig transaction to a lookalike attacker-controlled address (0x70AE678b457C5E1b3fD7AD9537F234dFc1795C15 instead of 0x70ae7D3DECfB4C3aE996fb1c07092566F73D5c15) on Ethereum and BNB Chain. Total value of diverted tokens approximately $15.18 million.","source":"Halborn: Explained — The Superfortune AI Hack, May 2026","source_url":"https://www.halborn.com/blog/post/explained-the-superfortune-ai-hack-may-2026"},{"date":"2026-05-27","event":"Attacker dumped approximately 14.98 million GUA tokens on-chain over approximately nine hours, netting roughly 2,784 ETH (approximately $5.66 million). GUA token declined approximately 75.8% within 24 hours, reaching $0.3044.","source":"PANews: Manta's co-founder stated they are investigating the Superfortune security incident; GUA tokens have fallen nearly 76% in the past 24 hours","source_url":"https://www.panewslab.com/en/articles/019e6c32-dc2c-75cd-91b9-16b7c9d61cbb"},{"date":"2026-05-27","event":"SUPERFORTUNE AI's official X account disclosed the security incident, characterizing it as a 'suspected address poisoning attack' with 'address manipulation through a multisig transaction.' Kenny Li, Manta Network co-founder, announced the team was investigating the incident.","source":"SUPERFORTUNE AI on X — Official incident disclosure","source_url":"https://x.com/SUPERFORTUNE888/status/2059818459421372485"},{"date":"2026-05-27","event":"CoinInsider reported that early internal review suggested possible address manipulation in the multisig flow rather than a confirmed exploit of the GUA token contract itself. Team stated the token contract was intact.","source":"CoinInsider: Superfortune Probes GUA Address-Tampering Claim","source_url":"https://www.coininsider.com/news/superfortune-probes-gua-address-tampering-claim/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision beb656ff-0e91-4a56-9d43-a99fd08a64d3copy