Revealing the GCR theft: Hackers wanted to manipulate the market by calling orders, but they were "stolen" after opening a SLR in advance
Original author: ZachXBT, Chain Detective
Original translation: Azuma, Odaily Planet Daily
Editor's note: This article is a data analysis by the well-known chain detective ZachXBT on the theft of the legendary trader GCR's X account last weekend.
Last weekend, GCR's X account (@GCRClassic) was stolen, and "calling orders" about ORDI and ETHFI were released one after another, causing the market of related currencies to fluctuate violently in the short term. ZachXBT found through on-chain analysis that the theft seemed to be related to the development team "Sol" of the meme token CAT on Solana (not related to the Solana team).
The following is the original content of ZachXBT, compiled by Odaily Planet Daily.
This article is an analysis of the connection between the CAT development team "Sol" and the GCR theft.
A few minutes before the hack, an address associated with the "Sol" team opened a $2.3 million ORDI and $1 million ETHFI long position on Hyperliquid.
Let's start revealing.
The on-chain analysis service Lookonchain once monitored that the "Sol" team was suspected of sniping the meme token CAT issued by itself, controlling 63% of the token supply. It has now sold more than 5 million US dollars in cash, and the profits have been dispersed and transferred to multiple addresses.
Among them, the address starting with 6M54x (6M54xEUamVAQVWPzThWnCtGZ7qznomtbHTqSaMEsUHPF) received about 15,000 SOL (worth about $2.5 million) and began to deposit funds to Kucoin (about 4,800 SOL) and MEXC (about 4,800 SOL and $1.4 million) on May 25.
Based on time analysis, I found that shortly after the two deposit transactions on Solana were completed, two batches of withdrawal transactions on Kucoin and MEXC appeared on Ethereum and Arbitrum, and the withdrawal amounts were very similar to the deposit amounts. The relevant addresses are as follows:
· 0x23bcf31a74cbd9d0578bb59b481ab25e978caa09;
· 0x91f336fa52b834339f97bd0bc9ae2f3ad9beade2.
At 5:22 pm on May 25 (all UTC time), the above address starting with 0x 23 bc transferred $650,000 USDC to the address starting with 0x 5 e 3 (0x 5 e 3 edeb 4 e 88 aafcd 1 f 9 be 179 aa 6 ba 2c 87 cbbadc 8) and deposited it in Hyperliquid for contract trading. Subsequently, between 5:45 and 5:56 pm on May 26, the address starting with 0x 5 e 3 opened a long position of ORDI worth $2.3 million on Hyperliquid.
At 5:55 pm on May 26, GCR’s X account posted a post about ORDI (“Busy and heavy ORDI”), causing the price of ORDI to soar in the short term. The address starting with 0x 5 e 3 then closed its position between 5:56 and 6:00 pm, making a profit of about $34,000.
At 5:58 pm on May 26, GCR posted a message on his other X account confirming that his main account had been stolen.
From 7:04 to 7:12 PM on May 26, the hacker repeated his old tricks. The address starting with 0x 5 e 3 first opened a $1 million long position in ETHFI on Hyperliquid. Then at 7:12 PM, the hacker used the stolen GCR account to publish another "call" content about ETHFI.
However, the market seems to have been alerted this time. ETHFI did not replicate the trend of ORDI. Between 7:16 and 7:45 p.m., the address starting with 0x 5 e 3 was forced to close its position, losing about $3,500.
The above is ZachXBT's analysis of this hacking incident. From a data perspective, the hacker's final profit from the two "manipulated transactions" was "only" about $30,000, and even one of them ended in a loss, which seems to be lower than many people's speculation.
It is worth mentioning that ZachXBT had previously warned the market about the suspected bad behavior of the "Sol" team, so the CAT token community also mocked ZachXBT when the coin price rose in the short term in the past two days (down 75% in the last 24 hours).
Now that this opportunity has been found, ZachXBT has not forgotten to make a wave of irony, and at the end of the article, it is specially stated: "From their strange operations, it can be seen that the IQ of hackers is extremely low."
Original link
欢迎加入律动 BlockBeats 官方社群:
Telegram 订阅群: https://t.me/theblockbeats
Telegram 交流群: https://t.me/BlockBeats_App
Twitter 官方账号: https://twitter.com/BlockBeatsAsia
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bitcoin miner Bitfarms sets vote date on Riot's attempted takeover step
Bitfarms has set Oct. 29 as the date for a special meeting of its shareholders in response to a requisition for a shareholders’ meeting submitted by Riot Platforms.Bitfarms’ shareholders will vote on reconstituting Bitfarms’ board of directors, the latest step in Riot’s attempted takeover of its bitcoin mining rival.
US lawmakers push for hostage designation in Binance exec’s detention in Nigeria
Quick Take Two U.S. congressmen, Rich McCormick and French Hill, have submitted a resolution to the House Committee on Foreign Affairs, urging the U.S. government to declare the detention of Binance executive Tigran Gambaryan in Nigeria as a hostage situation. The resolution calls for the Nigerian government to immediately release Gambaryan, a U.S. citizen, citing his deteriorating health in Kuje Prison.
SEC allows certain firms to skirt controversial crypto accounting bulletin
Quick Take Some firms have proposed business practices that the SEC agrees could exempt them from controversial crypto accounting guidance, according to an SEC source. Firms have consulted with the SEC on crypto policies since SAB 121 was released. The SEC allows exemptions with proven procedures and technology for customer crypto recovery in bankruptcies.
