ar
الرجوع للقائمة

تم استغلال لوحة إطلاق الرمز المميز Gem Pad مقابل مليوني دولار على سلاسل متعددة

source-logo  cryptopolitan.com 18 ديسمبر 2024 09:58, UTC

تظهر الأبحاث على السلسلة أن لوحة إطلاق الرمز المميز Gem Pad تنشر معاملات مشبوهة. تم استغلال منصة إطلاق الرموز المميزة ومبيعاتها بما يقدر بنحو 2.2 مليون دولار.

ترسل Gem Pad معاملات مشبوهة، مما يشير إلى استغلال سلاسل ورموز متعددة. قام فريق Gem Pad على الفور بتخفيف الاختراق، موضحًا أنه تم اختراق العديد من أقفال الأمان.

إعلان هام

كما لاحظ البعض منكم، وقع dent الليلة الماضية حيث تمكن شخص ما من اختراق أقفال الأمان الخاصة بنا.

اتصلنا على الفور بجميع شركائنا وخبرائنا في هذا المجال للتحقيق في الموقف وحله. الموضوع أصبح الآن…

– 𝗚𝗲𝗺𝗣𝗮𝗱 (@TheGemPad) 17 ديسمبر 2024

Code analysts pointed out the reason for the attack as a reentrancy on one of the functions that creates a token lock. The malicious token transfer allowed the hacker to get back the liquidity from several projects.

The tokens affected were from three major chains – Ethereum, Base, and BNB Smart Chain. The GempadLock smart contract was the flawed entry point, due to lack for reentrancy protection.

The exploit happened despite the recent audit by Cyberscope. GemPad was even given a high security score, though the flaw was found within one function in one smart contract.

After the news of the exploit, the GEMS token backtracked slowly to $0.11. The native token of the Gem Pad platform already slid in the second half of 2024, and now trades at around $0.11.

Gem Pad projects face fallout from stolen tokens

The attacker drained resources from the security locks of Gem Pad, then swapped them for ETH and BNB and consolidated the haul. According to Gem Pad, only a handful of projects were affected, but the platform is now safe and back online. Only the Locker service is unavailable until further announcement.

Token locks on Gem Pad are the smart contracts that hold some of the tokens transparently, ensuring they will not be sold in a rug pull. Launchpads are still a tool for distributing new tokens, in addition to meme token markets. Launchpad volumes have decreased, yet Gem Pad has managed to attract a portfolio of projects.

While Gem Pad itself is not compromised, it remained the central flaw point, due to the logic of its smart contract. However, the affected projects and communities are the ones that absorbed the losses.

Five projects affected by drained liquidity

Munch Protocol was one of the projects to have their token lock attacked. However, the protocol announced its funds are safe and unaffected, and may be recovered with the help of Gem Pad. Munch Protocol tokens are not yet traded, and have not felt the secondary effects of the hack. The protocol has not mentioned how it managed to keep its funds safe, and whether it has absorbed any direct losses.

The Nutcoin Ecosystem was another project affected by the lock attack. This time, all of the project’s liquidity has been drained on Ethereum. At one point, four transactions of 100 ETH were sent directly to Tornado Cash, making them essentially unrecoverable.

Anon was another project with drained liquidity, with $3.6M in value exposed. The Anon community on Base is not affected and personal wallets are safe. While $2.2M have been accounted to date, there may be a larger final accounting for all the tokens lost.

FOMO Network also reported its liquidity pool on the launchpad was drained. As a result, the native FOMO token crashed from $0.004 to $0.00098. The hack also affected the newly launched DUB token by one of the partners of Alien Base DEX, a trading app on the Base chain.

The hack also affected the liquidity for BPAY tokens. The exploiter sent BPAY tokens directly to Uniswap V2, later transforming the haul into WETH. Immediately after the news, BPAY slid by 75%, from $0.004 to $0.001.

While the Gem Pad attack was relatively small in terms of funds stolen, the secondary effects erased even more liquidity from the market. The loss may also further compromise the integrity of the tokens and projects affected.

The attack came at a time when Gem Pad was expanding its activity on Base, and posting more content to drive investors to its launchpad projects. Multiple new launches are expected in the coming days, though for now no explanation has been given on the new method of locking up liquidity.

Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap

cryptopolitan.com