Title: Analysis Reveals Connection Between CAT Development Team “Sol” and GCR Hack
Last weekend, GCR’s X account (@GCRClassic) was hacked, resulting in the release of “shilling” content about ORDI and ETHFI, causing significant short-term volatility in the market. Through blockchain analysis, ZachXBT discovered a possible connection between this hacking incident and the development team behind meme token CAT on Solana, known as “Sol” (unrelated to the Solana team).
The following is ZachXBT’s original analysis, compiled by Azuma from Odaily.
In the minutes leading up to the hack, an address associated with the “Sol” team opened long positions worth $2.3 million in ORDI and $1 million in ETHFI on Hyperliquid.
Let’s dive into the details.
According to blockchain analysis service Lookonchain, the “Sol” team was suspected of manipulating their own meme token, CAT, and controlled 63% of the token supply. They have now cashed out over $5 million, with profits being dispersed to multiple addresses.
One of these addresses, starting with 6M54xEUamVAQVWPzThWnCtGZ7qznomtbHTqSaMEsUHPF, received approximately 15,000 SOL (worth around $2.5 million) and deposited funds into Kucoin (around 4,800 SOL) and MEXC (around 4,800 SOL and $1.4 million) on May 25th.
Based on time analysis, it was discovered that shortly after these two deposits on Solana, there were withdrawal transactions related to Kucoin and MEXC on Ethereum and Arbitrum, with withdrawal amounts highly similar to the deposit amounts. The relevant addresses are as follows: 0x23bcf31a74cbd9d0578bb59b481ab25e978caa09 and 0x91f336fa52b834339f97bd0bc9ae2f3ad9beade2.
On May 25th, at 5:22 PM (UTC), the address starting with 0x23bc transferred $650,000 worth of USDC to the address starting with 0x5e3edeb4e88aafcd1f9be179aa6ba2c87cbbadc8. The funds were then deposited into Hyperliquid for contract trading. Subsequently, between 5:45 PM and 5:56 PM on May 26th, the address starting with 0x5e3 opened a long position worth $2.3 million in ORDI on Hyperliquid.
At 5:55 PM on May 26th, GCR’s X account posted an article about ORDI (“Bullish on and Holding ORDI”), causing a short-term surge in ORDI’s price. The address starting with 0x5e3 closed its position between 5:56 PM and 6:00 PM, making a profit of approximately $34,000.
At 5:58 PM on May 26th, GCR confirmed on his other X account that his main account had been hacked.
Between 7:04 PM and 7:12 PM on May 26th, the hacker repeated their actions, with the address starting with 0x5e3 opening a $1 million long position in ETHFI on Hyperliquid. At 7:12 PM, using the hacked GCR account, the hacker once again posted a “shilling” content about ETHFI.
However, this time the market seemed to be cautious, and ETHFI did not mimic the trajectory of ORDI. Between 7:16 PM and 7:45 PM, the address starting with 0x5e3 was forced to close its position, resulting in a loss of approximately $3,500.
In conclusion, ZachXBT’s analysis of this hacking incident reveals that the hacker’s profit from the two “manipulative trades” was only around $30,000, and one of them even ended in a loss. This seems to be lower than many people’s speculations.
It is worth mentioning that ZachXBT had previously warned about the suspicious behavior of the “Sol” team, leading to mockery from the CAT token community when its price briefly surged (with a 75% decrease in the past 24 hours).
Now, seizing the opportunity, ZachXBT didn’t forget to make a sarcastic remark and concluded his article by saying, “From their strange actions, it is evident that the hacker has a very low IQ.”