GriffinAI suffers hacker attack, exposing a new vulnerability in token permission security

Author: Eric, Foresight News

Original Title: Token Price Nearly Zeroes Out, Binance Alpha Rising Star GriffinAI Falls Victim to Hacker Attack

Last night (UTC+8), Binance Alpha launched an airdrop of the Web3 AI project GriffinAI's token GAIN to users with a score above 210. However, just 12 hours after the airdrop ended, GriffinAI suffered a hacker attack, with 5 billion GAIN tokens maliciously minted. This caused the price of GAIN to plummet from a peak of about $0.163 to around $0.003 within an hour, nearly zeroing out. As of writing, the price of GAIN has rebounded to around $0.026.

Starting around 9:30 AM (UTC+8), the hacker began swapping the newly minted GAIN for BNB, then bridged it to Ethereum, and started transferring the stolen funds to Tornado Cash. After investigation, GriffinAI founder Oliver Feldmeier tweeted that the hacker initiated the attack by introducing an unauthorized LayerZero Peer and deploying a fake Ethereum contract (token TTTTT, address 0x7a8caf), adding it as the LayerZero Peer for GAIN on the Ethereum side. This allowed the hacker to bypass the official contract, and then use LayerZero cross-chain functionality to mint additional GAIN tokens on BNB Chain with the fake Ethereum tokens.

As of press time, GriffinAI has removed the official liquidity added on BNB Chain and requested that exchanges suspend GAIN deposits, trading, and withdrawals on BNB Chain.

This attack targeted GriffinAI, one of the few "flagship" European Web3 projects.

GriffinAI was founded in Switzerland. Founder Oliver Feldmeier was previously the co-founder of SMART VALOR, which in 2019 launched the first fully regulated digital asset exchange in Switzerland and Liechtenstein, and became the first European digital asset exchange to list on the Nasdaq Nordic Market. GriffinAI's Chief BD Officer Colin Fitzpatrick was formerly Oracle's Multi-Cloud Ecosystem Lead, and blockchain engineer Roman previously worked at Binance and Trust Wallet.

GriffinAI aims to build a technical framework that makes it easier to integrate large language models and AI Agents on-chain, simplifying the development, deployment, and monetization process for AI Agents by providing convenient access to both centralized and decentralized AI services. GriffinAI's architecture consists of three core components: a decentralized AI network, an identity management and reputation system, and an AI Agent framework.

• Decentralized AI Network: GriffinAI introduces a decentralized network composed of independent AI models and service providers. These providers offer hosted LLMs, AI models, datasets, APIs, and other services. Service providers can be companies, projects, DAOs, or individuals. Each provider acts as a node operator, running GriffinAI protocol software, and users can access these AI services via cryptographic primitives and APIs.

• Identity Management and Reputation System: GriffinAI has launched a decentralized identity registration system and a distributed reputation system. The identity registration system allows network participants to register their identities and public keys for authentication and message verification. The reputation system is used to record and evaluate the performance of node operators (service providers, client providers) and AI agents.

• AI Agent Framework: This framework provides creators with the tools and resources needed to develop and deploy AI Agents in the blockchain space. It includes protocols and tool libraries required for agents to interact with blockchain functionalities. It builds an environment where AI Agents can autonomously perform tasks and achieve objectives.

GriffinAI has already launched a large number of AI-related products, including the open-source AI Agent LLaMA Agent, an AI image generator, DeFi AI Agent TEA, and AI Agent Alpha Hunter, which assists users in researching newly listed tokens.

Hackers Begin Targeting Token Minting Permissions

Previously, Web3 social platform and infrastructure provider UXLINK's team multi-signature wallet suffered a private key leak, resulting in massive token minting and forcing the issuance of new tokens to replace the old token contract. Clearly, as DeFi protocol contract code becomes increasingly mature, hackers are now targeting token minting permissions. Previously, UXLINK's project multi-signature wallet was breached; now, attackers have managed to trick the BNB Chain LayerZero peer into trusting fake Ethereum tokens to cross-chain mint new tokens.

If the theft of DeFi liquidity pools still leaves some chance for recovery, then unauthorized token minting or a change in token issuance permissions can cause almost permanent damage to a project. The two major incidents this month serve as a warning to project teams: while focusing on contract security, teams must also pay attention to the security of team control and token contract permissions, especially for cross-chain tokens, where contract logic design must be handled with extreme caution.