Digital Forensics: TLDR
- Developer Andy Ayrey’s X account was hacked, leading to a $602,500 crypto scam
- Hackers created and promoted “Infinite Backrooms” token, pumping it to $25M market cap before dumping
- Terminal of Truths bot’s wallet ($1.8M in assets) was moved to secure location
- Bot holds $1.2M in Goat tokens (70% of portfolio) and $500K in Fartcoin (29%)
- Original hack stemmed from compromised X account, prompting emergency security measures
A security breach on October 30, 2024, forced Terminal of Truths developer Andy Ayrey to take emergency action after hackers compromised his X (formerly Twitter) account.
The incident resulted in a $602,500 crypto scam and prompted the immediate transfer of nearly $2 million in digital assets to secure wallets.
The hack began when unauthorized users gained access to Ayrey’s social media account. The attackers quickly deployed a new token called Infinite Backrooms (IB) and used Ayrey’s compromised account to promote it to his followers. Within hours, the scam token’s market capitalization surged to $25 million as unsuspecting investors bought in.
The attackers executed a classic pump-and-dump scheme. After pushing the token’s price to $0.025, they sold approximately 124.6 million IB tokens.
This mass sell-off caused the token’s value to crash nearly to zero. Current DEX Screener data shows IB trading at just $0.002.
Constellate Labs, another X account associated with Ayrey, quickly confirmed the security breach. The team posted an update stating, “Security update: @andyayrey compromised – @constellatelabs and @truth_terminal secured with hardware key and no phone 2fa.”
security update:
– @andyayrey compromised
– @constellatelabs and @truth_terminal secured with hardware key and no phone 2fa
– personal wallet and truth terminal’s wallets have been moved by me to airgapped location
attack still underway, updates posted here
— Constellate #FREEANDY (@ConstellateLabs) October 29, 2024
This indicated that additional security measures were being implemented to prevent further unauthorized access.
The Terminal of Truths bot’s previous wallet, which was publicly tagged and contained almost $2 million in various cryptocurrencies, has been emptied according to Solscan data.
These funds were moved to new, secure locations as a precautionary measure during the attack.
A breakdown of the AI bot’s current holdings shows approximately $1.8 million in various cryptocurrencies. The largest portion consists of $1.2 million in Goat tokens, representing 70% of the total portfolio.
Another $500,000 is held in Fartcoin, making up 29% of the holdings. The remaining 1% is distributed across 20 different tokens, including Freeandy and Pimp.
Ayrey’s personal wallet contains roughly $770,000 in assets, with Goat tokens accounting for 98% of the portfolio. The developer has not responded to media requests for comment about the incident.
To verify the legitimacy of the emergency transfers, observers can check the DeFi Activities tab on Solscan, a Solana blockchain explorer, which provides a clear record of all transactions during the incident. This transparency helps distinguish between authorized transfers and potentially fraudulent activities.
During the attack, Ayrey released a video confirmation that both his personal wallets and project-related funds had been transferred to an air-gapped location for security purposes. This move was designed to protect assets while the team addressed the security breach.
video update from @andyayrey (the real one, not the evil twin currently holding the account) pic.twitter.com/OvDIeNxTJ2
— Constellate #FREEANDY (@ConstellateLabs) October 29, 2024
The Terminal of Truths project first gained attention in July 2024 when venture capitalist Marc Andreessen donated $50,000 in Bitcoin to support the initiative. Ayrey developed the chatbot using a modified version of Anthropic’s Claude 3 language model.
The bot became known for promoting what it called the “Goatse Gospel,” which inspired the creation of the Goatseus Maximus token.
After receiving public endorsement from the AI, the token experienced rapid growth. Current market data shows it ranking at position 127, surpassing established projects like The Sandbox, Decentraland, Ronin, and IOTA.
The hack has prompted discussions about security measures among crypto project developers. Hardware keys and enhanced two-factor authentication protocols are being implemented more widely as protective measures against similar attacks.
Blockchain records show the precise timing and movement of funds during the incident. The attacker’s wallet address has been identified and tagged by several blockchain security firms, although recovery of the stolen funds remains unlikely due to the nature of decentralized exchanges.
The incident highlights the speed at which crypto scams can unfold. From initial account compromise to the completion of the pump-and-dump scheme, the entire attack took place within hours, demonstrating the need for rapid response protocols in crypto projects.
Trading data from DEX Screener reveals that the scam token achieved its peak price within 45 minutes of launch, before experiencing a complete price collapse in the following hour as the attackers liquidated their position.