MantaUkraine🇺🇦

Meet Summoning Mentor 🥸 What if Nietzsche, Buddha, Confucius, Marx and other great minds could help you make life’s toughest decisions? From relationship conflicts to career choices, emotional battles, identity questions, and life crossroads - Summoning Mentor creates a dynamic discussion between different worldviews instead of giving you a single answer. 🔗 https://t.co/qSYtNhGv21 More details👇

24-Hour Incident Update Following our earlier communication, we want to share key, substantive findings from the first 24 hours of investigation. This is an on-going investigation. A full post-mortem will follow when these workstreams are complete. The findings below are what we can responsibly share now. Tangentially, we are aware of rumors and FUD spreading and intend to address those directly with the evidence we present in our findings. First, this is not an inside job nor is there any team involvement; implications that the team is secretly selling tokens or anything of that nature is entirely false and can be proven empirically. Second and related, we have never engaged with Web3Port. Both ongoing rumors are entirely fabricated. ✅ The Details That Are Confirmed 1️⃣ The attack was not address poisoning of our transaction-construction workflow. Our earlier assessment that address poisoning was unlikely has been confirmed by direct forensic evidence. The team member who proposed the multisig transaction (Signer 1) signed the correct recipient address 0x70ae7D3DECfB4C3aE996fb1c07092566F73D5c15 at 03:17 UTC on May 27, during the internal verification call. The signed payload is preserved verbatim in the local device logs, with the correct address and correct amount. 2️⃣ The attack was a compromise of that signer's private key. A separate valid signature — for a different transaction with the attacker's address 0x70AE678b457C5E1b3fD7AD9537F234dFc1795C15 as recipient — was submitted to the Safe Transaction Service at 04:00 UTC, 43 minutes later. That second signature is cryptographically valid for the same wallet but does not appear in the Signer 1’s local device logs. The mechanism that explains this is that the attacker had independent possession of the private key and signed the substituted transaction from outside Signer 1’s infrastructure. The remaining signers reviewed the queued transaction in the Safe interface. The attacker's address was specifically constructed to share the same first four and last four hex characters as the correct recipient — both begin with 0x70AE and end with 5C15. This vanity pattern is used to appear as the correct address in the Safe UI preview. Specifically generating these fake vanity addresses takes time and resources and implies premeditation and planning on the attacker’s end (more mention of this in point 4). Following confirmation the preview, the remaining signers signed the transaction. The on-chain execution followed at 17:59:24 UTC. 3️⃣ Funds are fully traced and currently parked on Ethereum. Within ~4 hours of execution, the attacker liquidated the stolen GUA on PancakeSwap, swept proceeds to an operational hub wallet 0xb292a7016c0008e786edca46459ccee063673afb, bridged the value to Ethereum via cross-chain protocols, and consolidated approximately 2,783.99 ETH into three cold-storage wallets that currently hold the funds with zero outflows: - 0x111b78A86C16dBD4261FCb5C7D3A9dAF25E2b589 - 0x7b8f28Ff2E1D4DF2D8ddD1daBaFf8c3E58FE841C - 0xfa4cb6add9da4a4b714541b98fd4b2e3da86b7c8 - A separate ~170,121 USDT was bridged out. 4️⃣ The attacker is using substantial, reusable infrastructure. The operational hub address and the three Ethereum cold-storage addresses are each surrounded by brute-forced lookalike "vanity twin" addresses that the attacker is seeding with fake transfer events using Unicode-spoofed token symbols (ETH, EṬH, ĖTḨ). The same vanity-address construction technique produced the address used against our project. The scale and pre-staging of this infrastructure indicates an industrialized operation rather than an opportunistic one-off attack. We will continue to publish substantive updates as the investigation progresses, while protecting information that could compromise active workstreams. We continue to work closely with authorities, white hats, and tracing services. We thank the community for its patience.

We are investigating a security incident that occurred for the token, $GUA, through a suspected address poisoning attack on May 27, 2026, which has caused significant volatility on the token. Initial findings indicate an address manipulation through a multisig transaction intended to release additional unlocked tokens into the airdrop claim contract, which allows users to claim unlocked airdrops. The intended address for this is 0x70ae7D3DECfB4C3aE996fb1c07092566F73D5c15 (the intended address) but the resulting address the executed transaction sent to was 0x70AE678b457C5E1b3fD7AD9537F234dFc1795C15 (the hacker address). The hacker address never had any interaction with any addresses associated with SUPERFORTUNE previously, so address poisoning as an attack vector is unlikely. Furthermore, internal operating procedures account for address poisoning attempts by matching addresses through several checks. We are continuing to investigate the hack and will provide the community on an ongoing basis. We have contacted authorities and incident response teams to assist.

Call it vibe-coding, programming, or digital wizardry; the label doesn't change the reality. If you deploy unreviewed LLM code directly to production, you are gambling with user data and system security. "Appearing to work" is a terrifying metric for a launch. A perfectly functional UI can easily mask critical logic flaws, over-privileged permissions, and leaky API scopes underneath. You don't need to slow down your deployment velocity to enforce rigorous standards. That is exactly why we built CodeAutrix. It bridges the gap between shipping at the speed of thought and security, auditing AI-generated code in under 3 minutes. Keep your speed. Lose the risk.

BaZi is not your personality. It's your operating system. Eight characters from your birth date and time - each one an element, each one Yin or Yang. The combination tells you what you're actually working with. Where your energy runs hot, where it leaks, what kind of environment makes you dangerous. Not a horoscope. Not a vibe check. A configuration.

We check our phones 50+ times a day, usually absorbing noise📱 https://t.co/lR3hzRBm6l is a 1-minute digital ritual to change that. Pick an area of intent, lock in your affirmation, and reset your mental alignment before the chaos starts. Your thoughts create your reality. Plant the right seeds 🌱