Grand Base (GB), a real-world asset tokenization protocol operating on Coinbase’s native Layer 2 blockchain, encountered a significant setback when it suffered a loss of $1.7 million due to a leak of its private keys. An administrator of the protocol's Telegram chat disclosed the breach, urging community members to refrain from engaging with the compromised contract, citing safety concerns.
According to blockchain analytics firm PeckShield, the breach led to the theft of $1.7 million worth of tokens from Grand Base's liquidity pool. The stolen tokens were subsequently exchanged for ether on-chain and transferred to an external address. As a consequence of the incident, the protocol's native token plummeted by 99% in value over the past 24 hours.
Reiterating the compromised security of the token contract, Grand Base Telegram administrators cautioned users against exchanging or interacting with it, emphasizing the importance of maintaining safety. The administrators pledged to provide updates on the situation and the subsequent course of action as swiftly as possible. Analysis by blockchain analytics firm CertiK revealed that hackers gained control of the Grand Base deployer contract, enabling them to mint an excessive amount of GB tokens without authorization before withdrawing them.
In response to the breach, Grand Base staff informed the community that they had identified the hacker's wallets and were coordinating with centralized exchanges (CEX) to freeze any transferred funds. However, users expressed dismay over the hack, with one urging others to refrain from further investment in the project to avoid additional losses. Another user raised concerns about a potential hidden loophole in the contract, questioning whether it was intentional or unintentional on the part of the developer.
Prior to the minting attack, Grand Base had imposed a maximum token cap of 50 million GB tokens. Launched less than five months ago, the Grand Base tokenization protocol enables users to deposit collateral, mint real-world assets in the form of ERC-20 tokens, and provide liquidity to tokenized assets to earn rewards.
