The price of the coin has almost dropped to zero, and Binance Alpha's newcomer GriffinAI has been hit by a massive issuance.

The Web3 AI project GriffinAI, which recently launched its GAIN token on Binance Alpha, suffered a major hack just 12 hours after its airdrop concluded. An attacker exploited a vulnerability by introducing an unauthorized LayerZero peer, deploying a fake Ethereum contract, and using it to maliciously issue 5 billion additional GAIN tokens on the BNB Chain. This caused the token's price to plummet from approximately $0.163 to nearly zero. The hacker then swapped the tokens for BNB, bridged the funds to Ethereum, and began laundering them through Tornado Cash. In response, GriffinAI has removed official liquidity and requested that listings suspend all GAIN-related activities on BNB Chain. This incident, alongside a similar recent hack on UXLINK, highlights a growing trend of attackers targeting token issuance permissions, underscoring the critical need for enhanced security in team controls and cross-chain contract logic.

By Eric, Foresight News

Last night (Beijing time), Binance Alpha launched an airdrop of GAIN, the Web3 AI project GriffinAI's token, to users with a GAIN score of 210 or higher. However, just 12 hours after the airdrop ended, GriffinAI was hacked, with 5 billion GAIN tokens maliciously issued. This caused the price of GAIN to plummet from a high of approximately $0.163 to approximately $0.003 within an hour, practically reaching zero. As of this writing, the price of GAIN has rebounded to around $0.026.

Around 9:30 AM, the hacker began trading the newly issued GAIN for BNB, then cross-chain trading to Ethereum, and began transferring the stolen funds to Tornado Cash. After an investigation, GriffinAI founder Oliver Feldmeier tweeted that the hacker launched the attack by introducing an unauthorized LayerZero peer. They deployed a fake Ethereum contract (token TTTTT, address 0x7a8caf) and added it as a LayerZero peer for GAIN on Ethereum, bypassing the official contract. The hacker then used the fake Ethereum tokens through a LayerZero cross-chain transaction to issue additional GAIN tokens on the BNB Chain.

As of the time of writing, GriffinAI has removed the official liquidity added to BNB Chain and required the listed GAIN transactions to suspend GAIN deposits, transactions, and withdrawals on BNB Chain.

GriffinAI, which was attacked this time, is one of the few "representative works" of European Web3 projects.

GriffinAI was founded in Switzerland. Its founder, Oliver Feldmeier, was previously the co-founder of SMART VALOR, which launched the first fully regulated digital asset exchange in Switzerland and Liechtenstein in 2019 and became the first European digital asset exchange to be listed on Nasdaq Nordic Market. GriffinAI's Chief Business Development Officer, Colin Fitzpatrick, was previously the head of Oracle's multi-cloud ecosystem. Its blockchain engineer, Roman, previously worked at Binance and Trust Wallet.

GriffinAI aims to build a technical framework that facilitates the on-chain integration of large language models and AI agents. By providing convenient access to centralized and decentralized AI services, it simplifies the development, deployment, and monetization of AI agents. GriffinAI's architecture consists of three core components: a decentralized AI network, an identity management and reputation system, and an AI agent framework.

Decentralized AI Network: GriffinAI introduces a decentralized network of independent AI model and service providers. These providers offer managed LLMs, AI models, datasets, APIs, and other services. Service providers can be companies, projects, DAOs, or individuals. Each provider acts as a node operator, running the GriffinAI protocol software. Users can access these AI services through cryptographic primitives and APIs.
Identity Management and Reputation System: GriffinAI has launched a decentralized identity registry and a distributed reputation system. The identity registry allows network participants to register their identities and public keys for authentication and message verification. The reputation system is used to record and evaluate the performance of node operators (service providers, client providers) and AI agents.
AI Agent Framework: This framework provides developers with the tools and resources necessary to develop and deploy AI agents in the blockchain space. It includes the protocols and tool libraries necessary for agents to interact with blockchain functionality. It creates an environment in which AI agents can autonomously perform tasks and achieve their goals.

GriffinAI has currently launched a large number of AI-related products, including the open source AI Agent LLaMA Agent, AI Image Generator, DeFi AI Agnet TEA, and AI Agent Alpha Hunter that assists users in researching newly launched tokens.

Hackers begin targeting token issuance authority

Previously, a private key leak in the multi-sig wallet of the UXLINK team, a Web3 social platform and infrastructure provider, led to a massive over-issuance of tokens, forcing them to issue new tokens to replace the old ones. Apparently, as DeFi protocol contract code matures, hackers are targeting token issuance permissions. Previously, the UXLINK project's multi-sig wallet was compromised, and now, attempts have been made to convince LayerZero peers on the BNB Chain to trust the legitimacy of fake Ethereum tokens in order to issue additional tokens across chains.

While a DeFi fund pool heist offers a chance for gradual recovery, the damage to a project from additional token issuance or a change in token issuance authority is almost permanent. Two malicious incidents this month serve as a wake-up call for project developers: while focusing on the security of project contracts, they must also consider the security of team control and token contracts. This is especially true for tokens that support cross-chain transactions, requiring extreme caution in the design of contract logic.