- $GUA has crashed -51.74% in 24 hours — trading at $0.6335 after hitting a session low of $0.2473 — with a market cap of approximately $79.2 million.
- On-chain analyst confirmed that approximately 14.981 million $GUA (~$15.18 million) was unlocked from the project's unlock contract and immediately and fully dumped on-chain — converting into 2,784 ETH (~$5.66 million) distributed across three wallets.
- The official SUPERFORTUNE AI account claims the dump was caused by a suspected address poisoning attack — where a multisig transaction was sent to a hacker's address instead of the intended airdrop claim contract.
- The situation remains under active investigation — with the project stating it has contacted authorities and incident response teams — but the on-chain evidence of an immediate full sell raises questions the community is pressing for answers on.
Superfortune’s $GUA token has been hit by one of the most severe single-day collapses in the AI gaming token space — losing more than half its value in 24 hours amid a sudden and total liquidation of a major unlock event. Whether this is a security breach or something more deliberate is the question the entire community is now asking — and the answer has significant implications for every remaining holder.
From a session high of $1.3406 to a low of $0.2473 — $GUA lost more than 81% of its intraday peak value at the session bottom — before recovering partially to the current $0.6335. The recovery from $0.2473 to $0.6335 reflects buying into the extreme dip but does not change the fundamental picture: a major token holder exited a $15 million position in a single on-chain transaction and the price has not recovered to pre-dump levels.
Why and HOW $GUA Crashed?
On-chain analyst @EmberCN provided the clearest picture of the mechanics behind the crash:
Approximately 13 hours ago, 14.981 million $GUA tokens — valued at approximately $15.18 million at the time — were unlocked from the project’s official unlock contract. What followed was immediate and total — every single unlocked token was sold on-chain in a rapid sequence that overwhelmed available liquidity and drove the price to its intraday low of $0.2473.
The conversion trail:
| Detail | Data |
|---|---|
| Tokens Dumped | 14.981 million $GUA |
| Value at Time of Dump | ~$15.18 million |
| Converted Into | 2,784 ETH (~$5.66 million) |
| Distributed Across | 3 separate wallets |
The three receiving wallets:
0x111b78A86C16dBD4261FCb5C7D3A9dAF25E2b5890x7b8f28Ff2E1D4DF2D8ddD1daBaFf8c3E58FE841C0xfA4cB6aDD9DA4a4b714541b98fD4b2E3DA86B7c8
The immediate and complete nature of the sell — every token converted to ETH and distributed across three addresses in a single coordinated sequence — is the on-chain fact that sits at the centre of this incident. Whether it was a hacker or an insider executing the sell, the mechanical result was identical: a $15 million market sell that the $GUA order books had no depth to absorb.
The Project’s Explanation — Address Poisoning Attack
The official SUPERFORTUNE AI account has issued a statement attributing the dump to a suspected address poisoning attack — a type of security exploit where an attacker creates a wallet address that closely mimics a legitimate address to trick signers into approving transactions to the wrong destination.
The project’s account of what happened:
A multisig transaction was prepared to release unlocked tokens into the official airdrop claim contract at address: 0x70ae7D3DECfB4C3aE996fb1c07092566F73D5c15
Instead, the transaction was executed to a hacker’s address: 0x70AE678b457C5E1b3fD7AD9537F234dFc1795C15
The two addresses share the same opening characters — 0x70AE — a deliberate similarity that is the defining characteristic of address poisoning. An attacker creates a wallet that begins and ends with the same characters as a legitimate target address — hoping that signers performing quick visual checks will miss the difference in the middle characters.
Key claims from the project:
- Internal procedures include multiple checks specifically designed to prevent address poisoning
- The hacker address had no prior interaction with any SUPERFORTUNE-associated addresses — making it harder to argue this was an insider address
- Authorities and incident response teams have been contacted
- Investigation is ongoing
The Community Question — Security Breach or Exit?
The project’s address poisoning explanation raises a question the community is actively debating: how does an address poisoning attack bypass multiple internal verification checks on a multisig transaction?
Multisig wallets — which require multiple independent signers to approve transactions — are specifically designed to prevent single-point-of-failure errors including address substitution. For an address poisoning attack to succeed on a multisig, multiple independent signers would each need to overlook the address discrepancy.
This is not impossible — address poisoning attacks have succeeded against sophisticated teams before — but the threshold of what needs to go wrong simultaneously is higher than for a single-signer wallet.
What would help resolve the question:
- The project providing the full multisig transaction approval history — showing which addresses signed and when
- An independent security firm confirming the address poisoning attack vector
- Clarity on why the unlocked tokens were sold immediately rather than sitting in the hacker’s wallet while the situation was investigated
Until these questions are answered — the community sits in an uncomfortable position between two narratives: a genuine and sophisticated security breach, or a coordinated exit using the address poisoning explanation as cover.
What $GUA Holders Should Do Right Now
Monitor official channels only — Follow the verified SUPERFORTUNE AI account for updates. Do not act on unverified community speculation about recovery plans or token burns.
Watch the three receiving wallets — 0x111b, 0x7b8f, and 0xfA4c — for any further movement of the 2,784 ETH. If the funds move toward mixer services or further distribution — it reduces the probability of recovery. If they remain dormant — it may support the security breach narrative.
Do not average down into uncertainty — Until the investigation produces verified findings, the fundamental risk profile of $GUA has materially changed. The project’s credibility and the security of its token distribution infrastructure are both under question simultaneously.
Preserve capital — In situations with this level of unresolved uncertainty — capital preservation takes priority over recovery speculation.
Bottom Line
The $GUA crash on May 27, 2026 comes down to one of two narratives — and the evidence is not yet conclusive enough to confirm which one is true. Either a sophisticated address poisoning attack bypassed multiple multisig verification checks and a hacker extracted $15 million in a matter of hours — or the address poisoning explanation is being used to obscure a coordinated exit.
The on-chain facts are not in dispute: 14.981 million $GUA was unlocked and immediately fully sold for 2,784 ETH across three wallets. What is in dispute is who authorised that sell and why.
The investigation will determine the answer. Until it does — exercise extreme caution, monitor the identified wallets and official channels, and do not mistake the partial price recovery from $0.2473 as a signal that the situation has resolved.
Frequently Asked Questions (FAQ)
What happened to Superfortune’s $GUA token?
4.981 million $GUA (~$15.18M) was unlocked from the project’s unlock contract and immediately sold on-chain — converting into 2,784 ETH (~$5.66M) across three wallets — causing a -51.74% crash in 24 hours with an intraday low of $0.2473.
What is the Superfortune project team’s explanation?
SUPERFORTUNE AI claims a suspected address poisoning attack caused a multisig transaction to be sent to a hacker’s address (0x70AE678b...) instead of the intended airdrop contract (0x70ae7D3D...) — the two addresses sharing similar opening characters.
What is address poisoning?
An attack where a hacker creates a wallet address that closely mimics a legitimate address — specifically matching the opening and closing characters — hoping signers performing quick visual checks will miss the difference in the middle characters.
What should $GUA holders do right now?
Monitor official SUPERFORTUNE AI channels for verified updates, watch the three receiving wallets for fund movements, avoid averaging down into unresolved uncertainty, and prioritise capital preservation until the investigation produces confirmed findings.
The opinions and market insights shared on CoinsProbe represent the views of individual authors based on prevailing market conditions at the time of publication. Cryptocurrency investments carry significant risk and volatility. Readers are encouraged to conduct their own research and seek professional financial advice before making investment decisions. CoinsProbe and its contributors do not accept responsibility for financial losses or decisions made based on published content.
CoinsProbe may publish sponsored articles, affiliate links, or promotional collaborations. All sponsored material is clearly labeled to maintain transparency with our audience. Our editorial decisions remain fully independent, and advertising partnerships do not influence reviews, rankings, or published opinions.
Since 2023, CoinsProbe has delivered reliable insights on cryptocurrency, blockchain, and digital assets. Our content is created by experienced researchers and analysts who follow strict editorial standards focused on accuracy, transparency, and credibility. Every article is carefully reviewed and verified using trusted sources and current market data. We provide unbiased analysis and timely updates covering everything from emerging crypto projects to major industry developments.
