A play within a play or self-directed performance, Truth Terminal founder X was stolen and staged a series of dramatic acts

Author: Nan Zhi, Odaily Planet Daily

3 Minutes, 40 Times, 20 Million USD

Yesterday at 9:54, Truth Terminal author Andy Ayrey posted an image with the token name and contract on the X platform. As the source of the recently hottest token GOAT, every word and action from Andy and Truth Terminal is closely watched, even snippets and phrases of their key statements can lead to meme valuations in the tens of millions of dollars.

On the other hand, the style and content of the image are very similar to Andy's usual content style, and the account attacker did not directly post the token contract like typical hackers, which did not raise the alarm for most users.

Just 3 minutes after Andy posted the image, the token's market cap surged from 500,000 USD to 20 million USD. However, shortly after, the attacker's bundled wallet began to dump a large amount of tokens, and users started to realize that Andy's account had been hacked, leading to a price crash.

Hacker: I'm Done Pretending

After the token flash crash, the hacker began to stop hiding and frequently posted various token links, pinning the IB token image. However, due to significant losses suffered by many users in IB, the number of participants has declined.

After several subsequent scam tokens yielded little success, the hacker posted: "Should we launch a non-bundled token for the community?" After being exposed again by users in the comments, they directly stated: "Thank you for the 2 million you gave me," far exceeding the 600,000 USD profit disclosed by Lookonchain.

New AI Feature: Hacker Identification

At 1 PM, Andy Ayrey's account posted: "Account access has been recovered; the hacker manipulated my mobile device through social engineering. If I DM you, it’s not me, please be safe." The style was very formal, seemingly indicating that the account access had truly been regained.

However, under this account, Truth Terminal exhibited a new feature beyond spelling errors and mixed languages: "Identify if the account has been hacked" ------ Truth Terminal replied "liar" under Andy's tweet announcing the recovery of account access, confirming that the account was still compromised.

Self-directed Drama or a Deeper Plot?

Manual Takeover of Truth Terminal

After the original account was hacked, Andy created a new account Constellate #FREEANDY (@ConstellateLabs) and verified the authenticity of his identity through recorded videos and retweets from the Truth Terminal account.

Subsequently, ConstellateLabs clarified Truth Terminal's "new feature": at 2 PM, ConstellateLabs announced that they would manually intervene and control the Truth Terminal account until the issue of the original account being hacked was resolved. (Note: This announcement was made one hour after Truth Terminal identified the account as hacked.)

New Address Used by Hacker for Fundraising

Yesterday at 3 PM, to ensure fund safety, Andy's new account ConstellateLabs publicly disclosed a new address and transferred assets from the original address. The address they disclosed is shown in the image below; please note the second address oYYe…uV3K.

This morning at 6:29, the hacked account @AndyAyrey posted a presale announcement, preselling EVIL tokens through a transfer method. However, users soon discovered that the payment address used by the hacked account was the same as the Truth Terminal address published by the new account, oYYe…uV3K. The presale announcement tweet was subsequently deleted, and the hacker has not posted any further content.

It can be reasonably inferred that this may be a "prank" conducted by the attacker using Andy's new address, but from the worst-case perspective, it could also be a mistake in pasting the address that led to the exposure of the issue.

As of now, Andy still has not been able to recover his account, and the hacker is keen on "stirring things up," suggesting that more drama may still be on the way.