DePIN GnusAI protocol victim of $1.3 million hack

In recent months, a new category has emerged in cryptos. Thus, the protocols of DePIN (Decentralized Physical Infrastructure Networks) aim to decentralize infrastructure. The project GnusAI for example, allows GPUs to be rented in a decentralized manner. This then makes it possible to train or run AI models. Unfortunately, this one has recently been the target of a hack.

$1.27 million stolen in GnusAI hack

On May 5, the teams of GnusAI have https://twitter.com/GnusAi/status/1787118358862942361 their community after being the target of a hack. According to the first announcements, the hacker would have successfully minted GNUS tokens. After mining these tokens, he quickly sold them on the existing liquidity pools on Ethereum.

Shortly after the attack, the company Certik specialized in blockchain security https://twitter.com/CertiKAlert/status/1787425555832299839 operation mode.

Thus, it appears that the attacker managed to get private key from one of the addresses of the protocol developers.

Once he had the address, he was able to copy the salt of the contract token manager And redeploy a token manager contract on the Fantom blockchain. As a reminder, the salt is a character string (nonce) used when deploying a smart contract to ensure that the address of the deployed contract is unique.

From now on, the attacker controls this new contract, which allows him to mint 500,000 GNUS tokens. As it is an exact replica of the original contract, the tokens are considered valid.

Therefore, the attacker was able to send said tokens to Ethereum using Axelar’s bridge. Once the GNUS were on Ethereum, the hacker massively sold the tokens on Uniswap, pocketing 407 ETH, or almost $1.3 million.

According to the information https://twitter.com/SuperGeniusEth/status/1787167358706196758 by SuperGenius.eth, the founder of GnusAI, it seems that the hacker obtained the private key by hacking the project’s discord. This would have allowed him to access the private messages and retrieve the private key that had been shared there. Note that it’s not very “SuperGenius” to send a private key in plain text on Discord, but let’s move on.

Developers are looking for a solution

In the space of a few moments, the GNUS price collapsed from 22 to $1. Now, the GNUS teams are looking for a solution to overcome the hack.

GNUS price evolution curveGNUS price evolution curve
Fall in the price of GNUS following the resale of tokens – Source: Coingecko.

After a community AMA hosted via Space Twitter, it was decided to keep the current smart contracts of the GNUS token.

For its part, the team intends to process the surplus of tokens created by the hacker by carrying out a buy-back and burn maneuver. This aims to buy back the tokens on the DEX markets to destroy them, therefore bringing the supply back to the same level as before the hack.

For users who may have sold in a panic, GnusAI has set up a form that would allow tokens to be repurchased at a rate of $1 each.

At the same time, they announced a 10% bug bounty reward to hacker. Thus, he could return 90% of the stolen funds and avoid legal proceedings.

To be continued in the coming days!

Last week, another DePIN protocol came under attack. This is the protocol IONet and it was the target of a sybil attack. Thus, malicious users found a way to trick the system into believing that they were providing GPUs when that was not the case.

-

-

PREV Google presents its brand new smartphone, the Pixel 8a
NEXT FDA Validates Apple Watch Heart Tracker for Clinical Trials