- Base asset tokenization protocol Grand Base suffered a $1.7 million loss due to a private key leak
- Hackers gained control of Grand Base’s deployer contracts and minted an excess number of GB tokens without authorization before withdrawing them
- The protocol’s native GB token lost 99% of its value in the past 24 hours due to the incident
The real-world asset tokenization protocol Grand Base suffered a major exploit this week resulting in the loss of $1.7 million worth of tokens. The incident highlights the risks associated with private key security and the need for robust auditing practices.
Details of the Exploit
On April 15th at 3:01 AM UTC, an exploit occurred on Grand Base’s contracts according to an admin in the protocol’s Telegram channel. The private key leak enabled the hackers to gain control of deployer contracts and mint an excess number of GB tokens without authorization. The hackers then withdrew the illicitly minted tokens, swapping them on-chain for Ether before sending them to an external address.
Aftermath and Response
In the aftermath, Grand Base’s native token GB lost 99% of its value within 24 hours. The admin urged users to remove their liquidity and avoid interacting with the contract. Grand Base claimed to be tracking the hacker’s wallets and discussing freezing funds with exchanges. Users expressed dismay at the exploit, with some alleging there were hidden loopholes enabling it.
Looking Ahead
Grand Base was launched less than 5 months ago, allowing users to tokenize real-world assets into ERC-20 tokens and earn rewards on their liquidity. While still assessing the damage, the protocol faces rebuilding trust and overcoming perceptions of negligence. The hack underscores the need for rigorous audits and water-tight private key security, especially for new DeFi protocols handling user funds.
Conclusion
Though a painful setback, the Grand Base team now has an opportunity to identify vulnerabilities, bolster security practices, and relaunch stronger than before. With careful analysis of this incident, the broader DeFi ecosystem can also take steps to guard against similar exploits in future.
