Gnus.AI, an artificial intelligence network, suffered a significant loss of around $1.27 million on May 5 due to a token-minting exploit. In response, the team has announced their plans to release a new version of the Genius (GNUS) token and has advised users to refrain from purchasing the old version.
According to CertiK, a blockchain security firm, the attacker was able to carry out the exploit by obtaining the private key to the team’s account that starts with 0x18. With control of this account, they were able to copy the token’s “salt” data from Ethereum and use the Axelar bridge protocol to create a Fantom network version of the token. Subsequently, they minted 100 million fake GNUS tokens, bridged them to Ethereum, and sold them on the market. This caused the price of the token to plummet, resulting in the transfer of wealth from existing tokenholders to the attacker, who received genuine assets in exchange for tokens created out of thin air.
In a post on social media platform X, Gnus.AI CEO “SuperGenius” stated that the compromise of the 0x18 account occurred when the attacker gained access to the team’s private Discord communications. SuperGenius mentioned that the hackers were able to monitor private messages on Discord. As a temporary solution, the team intends to deposit $500,000 worth of Ether (ETH) from their own funds into a liquidity pool for the new token upon its launch. Additionally, they will deposit $500,000 worth of fees that they are owed but are currently locked until February 2025, totaling $1 million in compensation.
CertiK estimates that the exploit resulted in a loss of $1.25 million, indicating that the initial distribution of funds will cover 80% of the incurred losses.
While blockchain networks continue to face risks of exploitation, there is evidence suggesting that these attacks may be decreasing as security practices improve. According to CertiK’s report on April 30, crypto users experienced the lowest number of losses from exploits since 2021 in April.