Base asset tokenization protocol loses $1.7M due to private key leak

The tokenization platform Grand Base (GB) on Coinbase’s own layer-2 blockchain experienced a loss of approximately $1.7 million due to a breach in its private keys.

Around 3:01:27 AM on April 15, UTC, a vulnerability was discovered in one of our contracts, as reported by an admin in our Telegram chat. Due to this issue, we strongly advise all members of our community to avoid using this contract as it is no longer secure.

Based on the report from blockchain analysis firm PeckShield, a private key leak led to the theft of approximately $1.7 million worth of tokens from the liquidity pools. The stolen tokens were then converted into Ether (ETH) and transferred to an external wallet. Concurrently, the value of the protocol’s native token plummeted by 99% within a day due to this incident.

The Grand Base Telegram administrator cautioned that using or exchanging this token through its contract is no longer secure. Please avoid doing so for your safety. We’ll keep you informed about the next course of action as soon as possible.

According to a subsequent investigation by CertiK, the hacker managed to take over the Grand Base deployer agreements. As a result, they produced more GB tokens than allowed and eventually took away these unauthorized tokens.

Grand Base team reported in a following update that they have traced all the involved wallets of the hacker and are now monitoring their actions. They are currently collaborating with cryptocurrency exchanges to prevent any potential fund transfers by the hacker.

Users were not impressed with news of the Monday hack.

“Apologies to all affected parties in this situation,” one user cautioned in Grand Base’s Telegram conversation. “I strongly advise against investing any more funds. Withdraw your current investment if possible.”

One possible paraphrase for “There are hidden loopholes in this contract,” could be “This contract may contain unseen vulnerabilities.” And instead of “Do you know if it was intentional by dev or not?” you could ask, “Was the inclusion of these hidden vulnerabilities deliberate on the part of the developer?” As for “The total balance does not show any changes, and it belongs to hidden loopholes,” a possible paraphrase would be “The unseen weaknesses in the contract have allowed the balance to remain untouched.” Before the hack, Grand Base had a maximum GB token supply set at 50 million.

About five months ago, the Grand Base tokenization procedure made its debut, enabling depositors to convert real-world assets into ERC-20 tokens by providing collateral. This innovation also introduced liquidity opportunities for earning rewards on the tokenized assets.

Read More

2024-04-15 18:31