Key Takeaways
- A hacker minted 100 million “fake” Genius (GNUS) tokens and flooded the market with them.
- Users are advised not to purchase any more GNUS tokens until a new version is released.
- A token buy-back and bounty scheme have been launched by Gnus.ai.
A hacker has managed to drain approximately $1.27 million using a token-minting exploit on the Gnus.AI network via a Discord hack.
According to the team, the network’s token contract amongst other vitals are secure, and have initiated investigations and a recovery process for its users.
Minting Millions of Tokens
On May 5th, 2024, the Gnus.ai team alerted its users and the crypto community of a major exploit.
Blockchain security firm CertiK confirmed that the hacker managed to get the private key to the dev team’s 0x18 deployment wallet keys, which allowed them to execute the exploit.
Once they had done so, they copied the “salt” data from Ethereum, and then leveraged the Axelar bridge protocol to redeploy the token on the Fantom network.
Following this, they could mint tokens, and so the hacker minted 100 million fake tokens, which they bridged to Ethereum and sold on the market. This caused a price crash, transferring the wealth of existing tokens to the hacker, who then received real assets in return.
GNUS Responds
CEO and Founder of Gnus.ai, SuperGenius, took to social media to clarify the recovery process going forward.
He first proposed a “quick fix” which will see the team deposit $500k in Ethereum (ETH) tokens into a new liquidity pool once they “are sure it can’t be hacked again.”
This will also include tapping a further $500k “in fees locked until February 2025.” He reassured users that the network’s smart contract wasn’t compromised.
For now, they’ve disabled Polygon and Ethereum bridging, and have stated that: “ the base, BSC liquidity, and contracts were not affected.”
GNUS Token Recovery
In a May 7th, 2024 post, Gnus.ai updated its post-exploit recovery plan. Firstly, in order to address the surplus fake tokens that were minted as a result of the hack, Gnus.ai has launched a “company buyback and burn strategy.”
Users who held tokens prior to the exploit and sold them after can provide their wallet details to a Google form found in the social media post above. If eligible, they will be repurchased by Gnus.ai at $1 per token.
Perhaps a little disheartening is the almost immediate flood of scam accounts pretending to be Gnus.ai, baiting them with fake crypto recovery links.
Gnus.ai has also launched a “white hat bounty worth 10% of the stolen funds”, which will hopefully result in the return of GNUS tokens.
Eddie is a gaming and crypto writer at CCN. Covering the often weird and wonderful world of Web3 with an adoring, but skeptical eye.
Prior to CCN, Eddie has spent the past seven years working his way through the crypto, finance, and technology industry. He began with PR and journalism with Bitcoin PR Buzz and BitcoinNews.com, eventually working his way to become a copywriter with a dozen firms, including the likes of Polkadot before returning to journalism in 2023.
Having studied Radio production and journalism at University in the UK, Eddie spent a few years making podcasts and presenting on a local London radio station as he built up his writing chops.
A lifelong skateboarder, Eddie can often be found at the skatepark or touring the streets looking for something new to try. That, or kicking back playing JRPGs on his original PSP.
