Grand Base (GB), a real-world asset tokenization protocol operating on Coinbase’s layer-2 blockchain, has recently encountered a significant setback. Following a compromise of its private key, the protocol suffered losses amounting to $1.7 million.
An important update:
On April 15 at 03:01:27 AM +UTC, an exploit happened.
For this specific reason, we urge all our community members to stay away from this contract as it is not safe anymore.
As everyone saw, we have been exploited and the LP was drained. We are working…
— Grand Base (@grandbase_fi) April 15, 2024
According to PeckShield, a blockchain analytics firm, the breach led to the theft of $1.7 million worth of tokens from liquidity pools.
#PeckShieldAlert Private Key leak? @grandbase_fi
The stolen token has been swapped for ~527 $ETH (~$1.7m) & bridged them to #Ethereum pic.twitter.com/DQYFEECrNN— PeckShieldAlert (@PeckShieldAlert) April 15, 2024
These tokens were subsequently swapped for ETH on-chain and transferred to an external address. As a result of the incident, the native token of the protocol experienced a 99% devaluation within 24 hours.
The Grand Base Telegram admin reiterated the unsafe nature of the token contract and advised against any further swaps or interactions. The team is actively working on addressing the situation and promised to provide updates promptly.
CertiK, another blockchain analytics firm, conducted a follow-up analysis revealing that the hacker gained control of Grand Base deployer contracts. This unauthorized access allowed the hacker to mint an excessive number of GB tokens, which were then withdrawn.
In response to the breach, Grand Base staff announced that they have identified the hacker’s wallets and are coordinating with centralized exchanges (CEXs) to freeze any potential movement of funds. Despite these efforts, users expressed disappointment and urged caution, advising against further deposits or interactions with the compromised protocol.
Before the breach, Grand Base had imposed a maximum token cap of 50 million, offering users the ability to deposit collateral and mint ERC-20 tokens representing real-world assets. The protocol also provided liquidity options for tokenized assets, allowing users to earn rewards. However, the recent security breach has raised concerns about the protocol’s safety and viability.