The GUA token experienced a sharp decline amid a security incident that occurred on May 27, 2026. The SUPERFORTUNE AI team has initiated an investigation into the event that led to significant volatility of the asset. Preliminary information suggests that during the execution of a multisig transaction, the address was manipulated, affecting the distribution of tokens.
This is reported by Business • Media
Details of the Security Incident
According to SUPERFORTUNE AI, the funds were initially supposed to be sent to a target address, but after the transaction was completed, they ended up in a different wallet. The team reported that this address has no connection to any wallets that have previously participated in the project and referred to it as the hacker’s address.
A multisig transaction was used to unlock additional tokens in the airdrop minting contract—a mechanism that allows users to receive unlocked assets. It was during this operation that the manipulation occurred, resulting in the transfer of funds to an external address.
“The SUPERFORTUNE AI team is investigating the incident during which a suspicious address manipulation occurred in a multisig transaction, causing significant volatility of the GUA token.”
The project does not consider address poisoning to be the most likely attack vector, as the recipient address had no prior activity with SUPERFORTUNE AI wallets. The team also emphasized that internal security procedures involve thorough verification and reconciliation of addresses at multiple stages.
Price Drop and Community Reaction
Following the publication about the incident, the GUA token sharply lost value—the price fell from approximately $1.7 to $0.23, a decrease of 85%. Subsequently, a partial recovery allowed the asset to trade at around $0.6.
On the social network X (formerly Twitter), users urged the SUPERFORTUNE AI team to take measures to restore the token’s price to previous levels.
Address poisoning is a fraudulent scheme in the cryptocurrency space where attackers create an address very similar to a legitimate one and send a small transaction from it to have it appear in the victim’s transaction history. After this, the user may accidentally send funds to the fraudsters by copying the wrong address.
Currently, the SUPERFORTUNE AI team continues its investigation and has already reached out for assistance from law enforcement and incident response specialists.
Recall that in March 2026, the Trust Wallet cryptocurrency wallet implemented protection against address substitution fraud.