Author: TechFlow

 

The crypto world is a veritable dark forest.

Account theft and on-chain phishing are familiar even to veteran players. Getting hit has nothing to do with how much wealth you hold: whether you are a billionaire or a hundred-dollar player, hackers treat you the same. One careless moment that a hacker can exploit is enough, and your assets will be transferred away at the same speed.

Yesterday, the Twitter account of legendary crypto trader GCR (@GCRClassic) was hacked. The hacker used the account to post the view that "ORDI is firmly bullish". ORDI rose 15% within minutes of the tweet, then quickly fell back. GCR himself appeared to be unaware of it until someone asked in his Telegram channel, which is when he learned that his account had been stolen.

Interestingly, the famous "on-chain detective" ZachXBT laid out the entire course of the hack in a long and detailed tweet, and pointedly identified who was behind it: a Memecoin team.

Carefully planned hack

After the GCR account was stolen and used to call trades, the on-chain detective ZachXBT announced that he would release an investigation report on the incident within the next 12-24 hours. That night, ZachXBT posted a long tweet that got straight to the point, naming the $CAT Memecoin team as the culprit behind the hack.

ZachXBT pointed out that the $CAT team had used a lot of bad tricks during the project's TGE. The team snatched up more than 60% of the token supply and sold it for a profit of more than $5 million.

By tracking the on-chain addresses, ZachXBT discovered that the team quickly transferred the funds to an exchange after taking profit, and then withdrew them from the exchange to two addresses starting with 0x23bc and 0x91f33.

Afterwards, the address 0x23bc65 transferred 650,000 USDC to a new address starting with 0x5e3e, which deposited it into Hyperliquid.

Between 17:45 and 17:56 UTC on May 26, 0x5e3e established a $2.3 million long position in ORDI on Hyperliquid.

With everything in place, at 17:55 UTC on May 26 the hacker published a post bullish on ORDI through the @GCRClassic Twitter account, causing ORDI to rise in the short term.

Twice the effort for half the result?

Since GCR is known as the "legendary trader", it goes without saying that his Twitter account is very influential. A scheme this elaborate must have made the hacker a lot of money, right?

However, in the 15 minutes between the hacker's ORDI tweet and the final closing of the position, the profit came to $34,000.

As if not satisfied with the $34,000 earned after all that work, the hacker used the same address, 0x5e3, to establish a $1 million ETHFI long position on Hyperliquid more than an hour later, between 19:04 and 19:12 UTC.

After opening the position, the hacker tweeted about ETHFI through @GCRClassic, and 0x5e3 closed the position between 19:16 and 19:45 UTC, for a loss of $3,500. The hacker stole the account and positioned in advance, an operation that looked as fierce as a tiger. It is not known whether the final profit is enough to cover the cost of hacking the account.

Viewers in the comment section couldn't help but mock: "Hacking into GCR's account only earned $35,000. How pathetic."

At the end of the investigation, ZachXBT summarized some key points that investors should take from this incident:

  1. The $CAT project simply bought an expensive Twitter account (@sol) and posted some mysterious-looking posts, and people were willing to put real money behind that mystery, which ultimately let such a scam team make millions of dollars in profit. This is not right.

  2. Social media platforms should no longer provide a stage for people who shill Memecoins.

  3. People are advised to research the progression from SIM swapping and phishing scams to today's Memecoin scams, as many scammers have switched their methods.

  4. Memecoins are subject to manipulation to the same degree as VC coins, or even more. You should choose a trustworthy development team or tokens locked by smart contracts.

Finally, ZachXBT also mocked the scam, saying that its execution was very poor and the scammers were obviously of "low IQ".

For individuals with greater influence, controlling account risk is particularly important. After all, many people will put real money behind investment advice issued from your account.

As an investor, you need to demystify this kind of influence, look at investment suggestions objectively and rationally, and refuse to let FOMO push you into blindly buying in and being left holding the bag.