PANews reported on May 29th that Superfortune, incubated by Manta, released an update on its X platform regarding the recent security incident , stating that the attack was not carried out by internal personnel, and no team members were involved. Claims that the team secretly sold tokens are false. The team also had no contact with Web3Port. The investigation confirmed that the attack was not address poisoning, but rather a leak of the signer's private key. The attacker independently held the private key and submitted a transaction with a forged address 43 minutes after the correct transaction. The forged address had the same first and last four characters as the correct address (starting with 0x70AE and ending with 5C15), used to disguise itself in the Safe interface preview.

The stolen funds are fully traceable and are currently held in three cold wallets on Ethereum, totaling approximately 2,784 ETH. An additional 170,000 USDT were transferred out via cross-chain transactions. The attackers also created numerous spoofed addresses and sent fake transaction events to these addresses using Unicode-forged token symbols in an attempt to obfuscate the traces. This spoofing address construction technique is the same as the method used to attack this project. The attackers' pre-built large-scale infrastructure indicates that this was an industrial-scale operation, not an opportunistic attack.