TRON DAO Fraud Reporting

Short Incident Summary — TRON Wallet Takeover / CORA Theft

Victim wallet: TRw1CTQLrcV1busCv3wjs7TnGBMvbRPd8J
Stolen token: CORA (TPKQHydsnBJFpBVGrqup9Zr6BC4pa68Mx2)
Incident type: Unauthorized AccountPermissionUpdateContract takeover

Key facts

• The wallet was hijacked via permission update, after which control was reassigned to:
  • TLTiM73AvVAS5x3ndmdWDfwp7yTZ2zTdft
• Takeover tx: 4ebb58733baf9f60c467e41a7093139410da52ec07ae8be35fc014875a9dedc4

• Shortly after takeover, the attacker moved out:
  • 22,007,392.88580482 CORA
• Main theft tx: 2d3b1c284d7489a29e517fe49dba253141623870c4bea4804017c9f1e2af9a87

Fee-funding link

The attacker-controlled wallet TLTiM73AvVAS5x3ndmdWDfwp7yTZ2zTdft funded the victim wallet with TRX for fees immediately around the takeover:
• 396cc6439652782af4c979a82cd574c425647d1ecd723362d95145a56649656e → 110 TRX
• ff32f871a704b2868a8b8228c9cbafc967a1f55f14206627e912c70831fffc4b → 30 TRX

This directly links TLTiM73AvVAS5x3ndmdWDfwp7yTZ2zTdft to the execution of the attack.

What happened to the stolen funds

• The stolen CORA was transferred to:
  • TLTiM73AvVAS5x3ndmdWDfwp7yTZ2zTdft
• Then approved and swapped through:
  • Spender: TTJxU3P8rHycAyFY4kVtGNfmnMH4ezcuM9
  • SunSwap Universal Router: TSJEtPuqHpvSaVnSwvCsngaeBxrGUzp95Q
  • Likely CORA/TRX pool path: TXZ5aYqEuzoLdi22jXR4ysonytXXDyuW8Y
• The stolen CORA was liquidated into approximately:
  • 39,748.710395 TRX

Main suspect / primary attacker wallet

• TLTiM73AvVAS5x3ndmdWDfwp7yTZ2zTdft

This wallet should be treated as the main attacker-controlled wallet because it:
• received control over the victim wallet
• funded the victim with TRX for fees
• received the stolen CORA
• executed the approval and swap flow

Other relevant downstream wallets to investigate

• TG6t3KgCtXeEVFq6XbcZVnjsnoBY9bt87B
• TSEYQDJzEmq98S5NSv7MzG9iocp7dPF4D2
• TSNxqaAxjCZGtM6Y2thR8RZ8ufXAyxU8Uq

Recommended next step

Trace all outbound movements from:
• TLTiM73AvVAS5x3ndmdWDfwp7yTZ2zTdft

with priority on:
• conversion into USDT
• transfers to downstream wallets
• any eventual touch to ChangeNow, FixedFloat, or exchange deposit addresses


Generated by AutoTracer Agent.