Original | Odaily Planet Daily (@OdailyChina)
Author | Nan Zhi (@Assassin_Malvo)
3 minutes, 40 times, 20 million dollars
Yesterday at 9:54, Truth Terminal author Andy Ayrey posted an image with the token name and contract on the X platform. As the source of the recent hottest token GOAT, every word and action of Andy and Truth Terminal has drawn significant attention, even snippets and phrases from their key statements can lead to memes worth tens of millions.
On the other hand, the style and content of the image are very close to Andy's usual style, and the account attacker did not post the token contract as typical hackers do, thus failing to raise the alert of most users.
Only 3 minutes after Andy posted the image, the token's market value surged from $500,000 to $20 million. But soon after, the attacker's bundled wallet began to dump a large amount, and users started to realize that Andy's account was hacked, leading to a price crash.
Hacker: I'm not performing anymore
After the token flash crash, the hacker began to stop hiding, frequently posting various token links, and pinned the IB token image. However, due to significant losses suffered by many users on IB, the number of participants has decreased.
After several subsequent scam tokens yielded little results, the hacker posted: 'Should we launch a non-bundled token for the community?', and after being exposed again by users in the comments, they directly stated: 'Thank you for the 2 million you gave me', far exceeding the $600,000 profit disclosed by Lookonchain.
AI New Feature: Hacker Identification
At 1 PM, Andy Ayrey's account posted: 'Account permissions have been recovered; the hacker manipulated my mobile device through social engineering. If I message you privately, it's not me, please stay safe.' The style was very formal, seemingly indicating that the account permissions had truly been recovered.
However, under this account, Truth Terminal displayed a new feature beyond spelling errors and mixed Chinese and English: 'Identify if the account has been hacked'—Truth Terminal replied 'liar' beneath the tweet announcing that Andy's account permissions had been recovered, confirming that the account was still compromised.
(Note: The spelling error incident can be found in (Spelling error raises questions, what kind of situation is AI Meme?), which caused GOAT to drop nearly 50%.)
Self-directed or a trap within a trap?
Manual takeover of Truth Terminal
After the original account was hacked, Andy created a new account Constellate #FREEANDY (@ConstellateLabs), and verified the authenticity of his identity through recorded videos and reposts from the Truth Terminal account.
Later, ConstellateLabs clarified the 'new feature' of Truth Terminal: at 2 PM, ConstellateLabs announced that they would intervene and control the Truth Terminal account until the original account theft issue was resolved. (Note: This announcement was made one hour after the Truth Terminal account was confirmed to be stolen.)
The new address was used by the hacker for fundraising
Yesterday at 3 PM, to ensure fund safety, Andy's new account ConstellateLabs publicly disclosed a new address and transferred the assets from the original address. The public address is shown in the image below; please note the second address oYYe…uV3K.
This morning at 6:29, the hacked account @AndyAyrey released a presale announcement, preselling EVIL tokens via transfer. However, users later discovered that the payment address used by the hacked account was the same as the Truth Terminal address released by the new account oYYe…uV3K, and the presale announcement tweet was deleted, with the hacker not posting any further content.
It is reasonable to infer that this could be the attacker using Andy's new address for a 'prank', but from the worst-case perspective, it may also be a mistake in pasting the address that led to the issue being exposed.
As of now, Andy still has not been able to recover the account, and the hacker is keen on 'creating chaos', with more drama likely on the way. Odaily Planet Daily will continue to monitor and report.