
Key Takeaways:
- Security Breach: The Gnus.AI network suffered a security breach due to a token-minting vulnerability exploited by attackers, resulting in approximately $1.27 million in losses.
- Method of Attack: Hackers accessed private Discord messages, obtained the private key to the team’s wallet, and exploited the token’s “salt” data, leading to the creation and sale of 100 million counterfeit GNUS tokens on the Fantom network.
- Response and Impact: Gnus.AI plans to mitigate losses by contributing $1 million to a liquidity pool for a new token version, covering about 80% of the financial damages caused by the attack.
On May 5, a significant security breach occurred on the Gnus.AI network when attackers exploited a token-minting vulnerability, leading to approximately $1.27 million in losses.
The breach was facilitated through unauthorized access to private Discord messages of the Gnus.AI team, which revealed critical information including the team’s wallet address.
🚨 Important Announcement 🚨
Due to a recent exploit, a hacker was able to mint fake $GNUS tokens on Fantom, transfer via Axelar Bridge to Ethereum and Polygon, and sell into existing liquidity pools.
We will be conducting a snapshot at the block preceding the exploit.
To… pic.twitter.com/MoKNybCwTN
— GNUS.ai (@GnusAi) May 5, 2024
Gnus.AI, a blockchain network designed for performing AI computations in return for tokens, faced a devastating attack, as disclosed in a May 6 announcement by the blockchain security firm CertiK.
The attackers managed to obtain the private key for the team’s account, starting with “0x18”.
With access to this account, they exploited the “salt” data of the token on the Ethereum blockchain and utilized the Axelar bridge protocol to create and bridge 100 million fake GNUS tokens to the Fantom network.
These tokens were then sold on Ethereum, causing a sharp price drop and transferring wealth from legitimate token holders to the attacker.
Following the incident, the CEO of Gnus.AI, known as “SuperGenius,” highlighted the severity of the breach on the social media platform X, stating, “Apparently the hackers can watch private messages on Discord.”
We've figured out that the hackers got the devs 0x18 deployment wallet during a discord hack. Apparently the hackers can watch private messages on discord.
This 0x18 was not the owners of the smart contract, but enabled them to launch exact address on FTM of the Axelar Token… https://t.co/9ne2jWoLrf
— SuperGenius.eth (@SuperGeniusEth) May 5, 2024
As a temporary measure, SuperGenius announced that Gnus.AI would contribute $500,000 in Ether and an additional $500,000 in locked fees to a liquidity pool for a new version of the Genius (GNUS) token.
Users have been advised to refrain from purchasing the compromised token version.
CertiK’s report estimates the financial impact at about $1.25 million, with the planned compensation by Gnus.AI expected to cover roughly 80% of the total losses.
2/ The attacker bridged 500k GNUS to Ethereum and sold it for 407 ETH (~$1.27m). https://t.co/tnJOv4VZND
— CertiK Alert (@CertiKAlert) May 6, 2024
This incident underscores ongoing security vulnerabilities within blockchain networks, though recent reports suggest a decline in such exploits, indicating possibly improved security measures across the industry.