Base asset tokenization protocol loses $1.7M due to private key leak


Real-world asset tokenization protocol Grand Base (GB), which operates on Coinbase’s native layer-2 blockchain, has suffered $1.7 million in losses after a private key compromise.

“On April 15 at 03:01:27 AM +UTC, an exploit happened on our contracts,” wrote an admin in the protocol’s Telegram chat. “For this specific reason, we urge all our community members to stay away from this contract as it is not safe anymore.”

According to blockchain analytics firm PeckShield, the private key leak resulted in the theft of $1.7 million in tokens from its liquidity pools, which have since been swapped on-chain for Ether (ETH) and sent to an external address. Simultaneously, the protocol’s native token lost 99% of its value in the past 24 hours due to the incident. 

The Grand Base Telegram admin reiterated that “this token contract is NOT safe anymore and you should NOT swap or interact with it, stay safe. We will update you asap on the next step.”

In a follow-up analysis by blockchain analytics firm CertiK, it appears that the hacker gained control of Grand Base deployer contracts and subsequently minted an excess number of GB tokens without authorization before withdrawing them.

A subsequent post from Grand Base staff claims that developers have “tracked all the wallets of the hacker” and are awaiting the next move. “We are in talks with CEXs [centralized exchanges] to freeze any funds that he might move,” Grand Base staff added.

Grand Base’s description of the attack. Source: Telegram

Users were not impressed with the news of the Monday hack.

“I’m very sorry for everyone involved here,” one user wrote in Grand Base’s Telegram chat. “Please, don’t lose more money here. Abandon this and don’t deposit a single dollar more into this thing, whatever happens.”

“There are hidden loopholes in this contract,” another user alleged. “The total balance does not show any changes, and it belongs to hidden loopholes. Do you know if it was intentional by dev or not?” they added. Before the minting attack, Grand Base had a maximum GB token cap of 50 million.

The Grand Base tokenization protocol was launched less than five months ago. It allowed users to deposit collateral to mint real-world assets in the form of ERC-20 tokens and provided liquidity for the tokenized assets to earn rewards. 

Related: This platform aims to make seamless RWA tokenization possible