The hacked GCR and the deceived Kardashian stepfather, hackers are launching attacks using the "celebrity effect."
As summarized by ZachXBT, the lesson we learn from these events is that hackers are using KOLs to launch attacks.Author: Yangz, Techub News
Yesterday, the X account @GCRClassic of the well-known trader GCR was hacked and a series of tweets were posted about which tokens he was buying. One tweet stated that he was "currently heavily invested in ORDI," causing ORDI to spike from around 38 USDT to 44.5 USDT before retreating.
In response, ZachXBT conducted a series of on-chain investigations and found that this incident may be related to the Meme coin CAT team Sol. ZachXBT stated, "Minutes before the hack, an address associated with the Sol team opened long positions of 2.3 million USD in ORDI and 1 million USD in ETHFI on the decentralized derivatives trading platform Hyperliquid."
According to monitoring by Lookonchain, the team had previously spent 1370 SOL (worth about 230,000 USD) to buy 632 million CAT (accounting for 63.2% of the total supply) through a wash trading address when releasing CAT. Subsequently, this address exchanged part of the CAT for about 29,525 SOL (worth about 5 million USD) and transferred it to multiple wallets. Among them, the address starting with 6M54x received about 15,000 SOL (worth about 2.5 million USD) from the sold CAT and began depositing funds into Kucoin (4,800 SOL) and MEXC (4,800 SOL and 1.4 million USDC) on May 25.
Through time analysis, ZachXBT found that shortly after the aforementioned transactions, similar withdrawal operations appeared on Ethereum and Arbitrum.
At 1:22 AM on May 26, 0x23bc transferred 650,000 USDC to 0x5e3e. Between 1:45 AM and 1:56 AM on May 27, 0x5e3e opened long positions of 2.3 million USD in ORDI on Hyperliquid.
At 1:55 AM on May 27, the hacked GCR X account @GCRClassic posted about his optimism for ORDI, stating: "One of the coins I am currently heavily invested in is ORDI. I believe that as Bitcoin approaches the target of 100,000 in the coming weeks, we will see its true potential." After the tweet was posted, the price of ORDI briefly surged from around 38 USDT to 44.5 USDT before retreating. During this period, from 1:56 AM to 2:00 AM, 0x5e3 gradually closed positions, ultimately making a profit of about 34,000 USD.
Additionally, between 3:04 AM and 3:12 AM on May 27, 0x5e3e opened long positions of 1 million USD in ETHFI on Hyperliquid. At 3:12 AM, the hacked GCR account posted a new message about ETHFI, stating, "The story of ETH ETF approval has just begun. In my opinion, ETHFI is suitable for mid-term holding." However, the price of ETHFI was not significantly affected and even slightly declined. From 3:16 AM to 3:45 AM, 0x5e3e began to close positions, ultimately incurring a loss of about 3,500 USD. The hacker may not have noticed that GCR had confirmed the attack on @GCRClassic through another account at 1:58 AM.
So, did the hacker only make 30,000 USD from hacking the account (not ruling out the possibility of trading perpetual products on CEX)? Like everyone else, I also find it strange. But after seeing the performance of the hacker's Hyperliquid Vault provided by ZachXBT, it seems there is not much to be surprised about. ZachXBT even sarcastically referred to him as "the greatest trader of all time," but it is unclear what the hacker meant by naming his Vault "I Know What I'm Doing." Is everything really under control?
Setting aside the hacker's intentions, this incident once again highlights a long-standing issue within the community. As a legendary trader with a well-known reputation, GCR's influence is indeed significant, but is this extreme influence beneficial for the industry?
In addition to the GCR incident, the "drama" surrounding Caitlyn Jenner, the stepfather of the Kardashians, who launched the meme coin JENNER, also sparked intense discussions on CT yesterday. Since Caitlyn Jenner had previously been rarely involved in the cryptocurrency field, her actions left many investors confused, questioning whether a situation similar to GCR's account hack had occurred. However, after repeated denials from Caitlyn Jenner's team, many investors still rushed in, and the price of JENNER experienced a rollercoaster rise and fall.
But is JENNER really issued by Caitlyn Jenner? On-chain detective Roxo pointed out that Caitlyn Jenner's account was not hacked but was manipulated by Sahil Arora through "social engineering."
Roxo stated that Caitlyn's team knew nothing about cryptocurrency, and Sahil Arora acted as an "intermediary" responsible for issuing tokens for Caitlyn. After launching JENNER and having Caitlyn promote it, Sahil sold all the tokens from the deployer's wallet and more tokens he had siphoned from the fee-burning wallet.
At that time, Caitlyn's team was completely unaware, and her agent even stated in a Space that the intermediary would manage all the tokens for her. It wasn't until this morning that Caitlyn Jenner finally realized what was happening and angrily criticized Sahil. Jenner stated that Sahil was out, and the team would continue to invest in and promote the JENNER token.
Besides Caitlyn Jenner, Roxo pointed out that this week, Sahil successfully used KOLs to plan and manipulate five Rug Pulls, including the RICH token from rapper "Rich the Kid," the SOULJA token from artist Soul Ja Boy, and the ZUMI and DOLL tokens from models Kazumi and Ivana Knöll. According to Cointelegraph, Sahil Arora had tweeted that someone leaked his ID. On May 27, he hosted four Twitter Spaces, only one of which lasted more than five minutes. He posted before the events that he would answer questions about SOL Scan and how he was betrayed. Cointelegraph stated that during the longest podcast he attended, the discussion was unrelated to memecoins. A few minutes later, the account (@sahilsaysol) was deleted.
So is Sahil Arora the perpetrator of these Rug Pulls? The answer remains unknown.
But setting all this aside, as summarized by ZachXBT, the lesson these events teach us is that hackers are using KOLs to launch attacks. Furthermore, the manipulation of meme coins may be as high as that of VC coins, or even higher. Especially for those meme coins promoted by celebrities, investors should be more cautious. Conversely, KOLs should also be mindful of their behavior. Bloomberg previously pointed out that the recent emergence of "KOL round financing" could be a new path to wealth or the next target of the SEC.
