The Manta-incubated project Superfortune has officially confirmed a security breach involving the GUA token, which occurred on May 27, 2026. The incident triggered severe price volatility and significant market fluctuations following the unauthorized diversion of assets during a planned multisig transaction. According to the development team, the exploit resulted from an address being tampered with during a scheduled token unlock process, leading to the loss of funds intended for community distribution.
Mechanism of the Multisig Transaction Failure
Preliminary forensic analysis by the Superfortune team indicates that the vulnerability manifested during the execution of a multisignature (multisig) transaction. The protocol had intended to transfer newly unlocked GUA tokens to a specific airdrop claim contract address. However, during the final execution phase, the destination parameters were altered, causing the assets to be routed to a fraudulent wallet.
- The incident took place on May 27 during a routine liquidity management operation.
- The hacker's address had no prior interaction with any Superfortune-related smart contracts.
- Internal security protocols, including existing address verification mechanisms, were reportedly active at the time of the breach.
While the specific method of tampering remains under investigation, the team has clarified that the absence of previous interactions with the attacker's wallet suggests that a standard address poisoning attack—where a malicious actor mimics a known address—is an unlikely vector for this specific event.
Response and Ongoing Security Investigation
The security incident has drawn attention from the broader Manta Network ecosystem, with the Manta co-founder confirming that they are closely monitoring the situation. Superfortune developers are currently auditing their internal processes to determine how the address was manipulated despite the presence of multiple verification layers.
The team stated that its internal processes already include multiple address verification mechanisms, and the team is currently continuing to investigate the incident and will share the latest progress with the community subsequently.
The project has committed to maintaining transparency as they trace the movement of the stolen GUA tokens on the blockchain. At this stage, the primary focus remains on identifying the breach point within the multisig workflow and mitigating further risks to the remaining treasury assets.
As the investigation continues, the Superfortune team has cautioned users to remain vigilant regarding official communications. This incident highlights the ongoing risks associated with smart contract execution and the necessity for robust security frameworks even within established incubation programs. Further technical updates are expected as the team coordinates with cybersecurity experts to recover the misplaced funds and stabilize the GUA token market.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
For educational purposes only. Nothing here constitutes financial or investment advice. Crypto markets are highly volatile — always DYOR before making any decisions.
Fact-checked per our editorial policy. We maintain strict independence from advertisers. Spot an error? Let us know.