Gem Pad 代币启动板已在多个链上被利用,价值达 200 万美元
链上研究显示,Gem Pad 代币启动板正在发布可疑交易。该代币发行和销售平台的收益估计为 220 万美元。
Gem Pad 正在发送可疑交易,指出对多个链和代币的利用。 Gem Pad 团队立即缓解了此次黑客攻击,并解释说多个安全锁已被攻破。
重要公告
你们中的一些人可能已经注意到,昨晚发生了一起dent,有人设法破坏了我们的安全锁。
我们立即联系了该领域的所有合作伙伴和专家,以调查并解决该问题。现在的问题已经是……
- 𝗚𝗲𝗺𝗣𝗮𝗱(@TheGemPad) 2024 年 12 月 17 日
Code analysts pointed out the reason for the attack as a reentrancy on one of the functions that creates a token lock. The malicious token transfer allowed the hacker to get back the liquidity from several projects.
The tokens affected were from three major chains – Ethereum, Base, and BNB Smart Chain. The GempadLock smart contract was the flawed entry point, due to lack for reentrancy protection.
The exploit happened despite the recent audit by Cyberscope. GemPad was even given a high security score, though the flaw was found within one function in one smart contract.
After the news of the exploit, the GEMS token backtracked slowly to $0.11. The native token of the Gem Pad platform already slid in the second half of 2024, and now trades at around $0.11.
Gem Pad projects face fallout from stolen tokens
The attacker drained resources from the security locks of Gem Pad, then swapped them for ETH and BNB and consolidated the haul. According to Gem Pad, only a handful of projects were affected, but the platform is now safe and back online. Only the Locker service is unavailable until further announcement.
Token locks on Gem Pad are the smart contracts that hold some of the tokens transparently, ensuring they will not be sold in a rug pull. Launchpads are still a tool for distributing new tokens, in addition to meme token markets. Launchpad volumes have decreased, yet Gem Pad has managed to attract a portfolio of projects.
While Gem Pad itself is not compromised, it remained the central flaw point, due to the logic of its smart contract. However, the affected projects and communities are the ones that absorbed the losses.
Five projects affected by drained liquidity
Munch Protocol was one of the projects to have their token lock attacked. However, the protocol announced its funds are safe and unaffected, and may be recovered with the help of Gem Pad. Munch Protocol tokens are not yet traded, and have not felt the secondary effects of the hack. The protocol has not mentioned how it managed to keep its funds safe, and whether it has absorbed any direct losses.
The Nutcoin Ecosystem was another project affected by the lock attack. This time, all of the project’s liquidity has been drained on Ethereum. At one point, four transactions of 100 ETH were sent directly to Tornado Cash, making them essentially unrecoverable.
Anon was another project with drained liquidity, with $3.6M in value exposed. The Anon community on Base is not affected and personal wallets are safe. While $2.2M have been accounted to date, there may be a larger final accounting for all the tokens lost.
FOMO Network also reported its liquidity pool on the launchpad was drained. As a result, the native FOMO token crashed from $0.004 to $0.00098. The hack also affected the newly launched DUB token by one of the partners of Alien Base DEX, a trading app on the Base chain.
The hack also affected the liquidity for BPAY tokens. The exploiter sent BPAY tokens directly to Uniswap V2, later transforming the haul into WETH. Immediately after the news, BPAY slid by 75%, from $0.004 to $0.001.
While the Gem Pad attack was relatively small in terms of funds stolen, the secondary effects erased even more liquidity from the market. The loss may also further compromise the integrity of the tokens and projects affected.
The attack came at a time when Gem Pad was expanding its activity on Base, and posting more content to drive investors to its launchpad projects. Multiple new launches are expected in the coming days, though for now no explanation has been given on the new method of locking up liquidity.
Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap
推荐文章
