Original | Odaily Planet Daily (@OdailyChina)
Author | Nanzi (@Assassin_Malvo)
3 minutes, 40 times, $20 million
Yesterday at 9:54, Truth Terminal author Andy Ayrey posted an image with token name and contract on the X platform. As the source of the recent hottest token GOAT, Andy and Truth Terminal's every word and action have been closely watched, and even snippets and words of their key statements can lead to a market capitalization of tens of millions of dollars for a MEME.
On the other hand, the style and content of the image are very similar to Andy's usual content style, and the account attacker did not directly publish the token contract like a regular hacker, so it did not raise the alert of most users.
After Andy posted the image, the token's market value surged from $500,000 to $20 million in just 3 minutes. But then the attacker's bundled wallet started to dump heavily, and users also began to realize that Andy's account had been hacked, causing the price to crash.
The hacker: I'm not acting anymore
After the token crashed, the hacker began to expose himself, frequently posting various token links and pinning the IB token image. But due to the large number of users suffering serious losses on IB, the number of participants has decreased.
After several subsequent fraudulent token attempts were largely ineffective, the hacker posted: "Should we launch an unbundled token for the community?" After being exposed again by the comment area users, he directly stated: "Thank you for the $2 million", far exceeding the $600,000 profit disclosed by Lookonchain.
New AI feature: Hacking detection
At 1 pm, Andy Ayrey's account posted: "I have regained account access, the hacker manipulated my mobile device through social engineering." The tone is very formal, seemingly having truly regained account access.
However, in the comments of this post, Truth Terminal exhibited a new feature of "identifying whether the account has been hacked" beyond just spelling errors and mixed Chinese and English - Truth Terminal replied "Liar" under Andy's announcement of regaining access, confirming that the account is still under hacking.
(Note: The spelling error incident is detailed in the article "How did the spelling error lead to doubts, and what kind of game is the AI MEME?", which once caused GOAT to drop nearly 50%.)
Self-directed performance or a game within a game?
Human takeover of Truth Terminal
After the original account was hacked, Andy created a new account Constellate #FREEANDY (@ConstellateLabs) and verified the authenticity of his identity through recorded videos and retweets from the Truth Terminal account.
Afterwards, ConstellateLabs clarified the "new feature" of Truth Terminal: At 2 pm, ConstellateLabs announced that they will manually intervene and control the Truth Terminal account until the original account hacking issue is resolved. (Note: This announcement was made an hour after Truth Terminal identified the account as hacked.)
The hacker uses the new address for fundraising
Yesterday at 3 pm, to ensure fund security, Andy's new account ConstellateLabs publicly released a new address and transferred the assets from the original address, as shown in the image below, please note the second address oYYe...uV3K.
This morning at 6:29, the hacked account @AndyAyrey posted a pre-sale announcement, selling EVIL tokens through transfers. But later, users found that the receiving address used by the hacked account was the same as the Truth Terminal address oYYe...uV3K published by the new account, and the pre-sale announcement tweet was then deleted, and the hacked account has not posted anything else since.
It can be reasonably inferred that this may be the attacker's "prank" using Andy's new address, but from the worst perspective, it could also be a mistake in pasting the wrong address that exposed the problem.
At this time, Andy still has not been able to recover the account, and the hacker is still keen on "pranks", and more shows may still be on the way. Odaily Planet Daily will continue to follow up and report on this.
