A hacker has managed to drain approximately $1.27 million using a token-minting exploit on the Gnus.AI network via a Discord hack.
According to the team, the network’s token contract and other vital components are secure, and the team has initiated investigations and a recovery process for its users.
On May 5th, 2024, the Gnus.ai team alerted its users and the crypto community to a major exploit.
Blockchain security firm CertiK confirmed that the hacker managed to obtain the private key to the dev team’s 0x18 deployment wallet, which allowed them to execute the exploit.
Once they had done so, they copied the “salt” data from Ethereum, and then leveraged the Axelar bridge protocol to redeploy the token on the Fantom network.
This let them mint tokens: the hacker minted 100 million fake tokens, which they bridged to Ethereum and sold on the market. The sale caused a price crash, transferring the value of existing tokens to the hacker, who received real assets in return.
CEO and Founder of Gnus.ai, SuperGenius, took to social media to clarify the recovery process going forward.
He first proposed a “quick fix” which will see the team deposit $500k in Ethereum (ETH) tokens into a new liquidity pool once they “are sure it can’t be hacked again.”
This will also include tapping a further $500k “in fees locked until February 2025.” He reassured users that the network’s smart contract wasn’t compromised.
For now, they’ve disabled Polygon and Ethereum bridging, and have stated that “the base, BSC liquidity, and contracts were not affected.”
In a May 7th, 2024 post, Gnus.ai updated its post-exploit recovery plan. Firstly, in order to address the surplus fake tokens that were minted as a result of the hack, Gnus.ai has launched a “company buyback and burn strategy.”
Users who held tokens prior to the exploit and sold them after can provide their wallet details to a Google form found in the social media post above. If the users are eligible, their tokens will be repurchased by Gnus.ai at $1 per token.
Perhaps a little disheartening is the almost immediate flood of scam accounts pretending to be Gnus.ai, baiting users with fake crypto recovery links.
Gnus.ai has also launched a “white hat bounty worth 10% of the stolen funds”, which will hopefully result in the return of GNUS tokens.