TechFlow reports that on-chain sleuth ZachXBT posted on social media alleging the team behind Solana-based meme coin CAT may be linked to the perpetrators behind last night's GCR Twitter hack.
Minutes before the attack, an address associated with the team opened long positions of $2.3 million in ORDI and $1 million in ETHFI on Hyperliquid.
The team controlled 63% of the supply through their minting authority, sold over $5 million worth of $CAT, and transferred the profits across multiple wallets. Wallet 6M54x received approximately 15K SOL ($2.5 million) from CAT sales and began depositing funds into Kucoin (4.8K SOL) and MEXC (4.8K SOL and 1.4M USDC) starting May 25. Time analysis shows that shortly after the Solana deposits, similar amounts were withdrawn from two exchanges on Ethereum and Arbitrum. On May 25 at 5:22 PM UTC, 0x23bc transferred 650K USDC to 0x5e3 and deposited it into Hyperliquid for trading. Between 5:45 PM and 5:56 PM UTC on May 26, 0x5e3 opened a $2.3 million long position in ORDI.
At 5:55 PM UTC on May 26, GCR’s Twitter account was compromised and posted about ORDI, causing its price to spike. 0x5e3 closed the position between 5:56 PM and 6:00 PM UTC, profiting approximately $34,000.
Between 7:04 PM and 7:12 PM UTC, 0x5e3 opened a $1 million long position in ETHFI on Hyperliquid. At 7:12 PM UTC, the hacker posted a new tweet about ETHFI from the compromised GCR account. Between 7:16 PM and 7:45 PM UTC, 0x5e3 exited the position, incurring a loss of $35,000.




