Security

The Gem Pad token launchpad has been exploited for $2M on multiple chains

The Gem Pad token launchpad is posting suspicious transactions, on-chain research shows. The platform for token launches and sales was exploited for an estimated $2.2M.

Gem Pad is sending out suspicious transactions, pointing to an exploit of multiple chains and tokens. The Gem Pad team immediately mitigated the hack, explaining that multiple security locks had been breached.

IMPORTANT ANNOUNCEMENT

As some of you may have noticed, an incident occurred last night where someone managed to breach our security locks.

We immediately contacted all of our partners and experts in the space to investigate and resolve the situation. The issue has now been…

— 𝗚𝗲𝗺𝗣𝗮𝗱 (@TheGemPad) December 17, 2024

Code analysts pointed out the reason for the attack as a reentrancy on one of the functions that creates a token lock. The malicious token transfer allowed the hacker to get back the liquidity from several projects.

The tokens affected were from three major chains – Ethereum, Base, and BNB Smart Chain. The GempadLock smart contract was the flawed entry point, due to lack for reentrancy protection.

The exploit happened despite the recent audit by Cyberscope. GemPad was even given a high security score, though the flaw was found within one function in one smart contract.

After the news of the exploit, the GEMS token backtracked slowly to $0.11. The native token of the Gem Pad platform already slid in the second half of 2024, and now trades at around $0.11.

Gem Pad projects face fallout from stolen tokens

The attacker drained resources from the security locks of Gem Pad, then swapped them for ETH and BNB and consolidated the haul. According to Gem Pad, only a handful of projects were affected, but the platform is now safe and back online. Only the Locker service is unavailable until further announcement.

Token locks on Gem Pad are the smart contracts that hold some of the tokens transparently, ensuring they will not be sold in a rug pull. Launchpads are still a tool for distributing new tokens, in addition to meme token markets. Launchpad volumes have decreased, yet Gem Pad has managed to attract a portfolio of projects.

While Gem Pad itself is not compromised, it remained the central flaw point, due to the logic of its smart contract. However, the affected projects and communities are the ones that absorbed the losses.

Five projects affected by drained liquidity

Munch Protocol was one of the projects to have their token lock attacked. However, the protocol announced its funds are safe and unaffected, and may be recovered with the help of Gem Pad. Munch Protocol tokens are not yet traded, and have not felt the secondary effects of the hack. The protocol has not mentioned how it managed to keep its funds safe, and whether it has absorbed any direct losses.

The Nutcoin Ecosystem was another project affected by the lock attack. This time, all of the project’s liquidity has been drained on Ethereum. At one point, four transactions of 100 ETH were sent directly to Tornado Cash, making them essentially unrecoverable.

Anon was another project with drained liquidity, with $3.6M in value exposed. The Anon community on Base is not affected and personal wallets are safe. While $2.2M have been accounted to date, there may be a larger final accounting for all the tokens lost.

FOMO Network also reported its liquidity pool on the launchpad was drained. As a result, the native FOMO token crashed from $0.004 to $0.00098. The hack also affected the newly launched DUB token by one of the partners of Alien Base DEX, a trading app on the Base chain.

The hack also affected the liquidity for BPAY tokens. The exploiter sent BPAY tokens directly to Uniswap V2, later transforming the haul into WETH. Immediately after the news, BPAY slid by 75%, from $0.004 to $0.001.

While the Gem Pad attack was relatively small in terms of funds stolen, the secondary effects erased even more liquidity from the market. The loss may also further compromise the integrity of the tokens and projects affected.

The attack came at a time when Gem Pad was expanding its activity on Base, and posting more content to drive investors to its launchpad projects. Multiple new launches are expected in the coming days, though for now no explanation has been given on the new method of locking up liquidity.

A Step-By-Step System To Launching Your Web3 Career and Landing High-Paying Crypto Jobs in 90 Days.

Source

Click to rate this post!
[Total: 0 Average: 0]
Show More

Leave a Reply

Your email address will not be published. Required fields are marked *