If this continues, the $BNB developer conference won't even be able to open in North Korea, we have to go to Northern Myanmar 😂
I. Core Overview of the Incident
Time and Platform: On the evening of September 24, Griffin AI (GAIN) was launched on Binance Alpha; on the morning of September 25, an abnormal issuance occurred on the BSC chain, followed by a crash in the PancakeSwap V3 pool.
Key Data: The total planned supply of GAIN was 1 billion tokens, with a circulation of 235 million tokens. After the abnormal issuance, the total supply reached 5.298 billion tokens; the price plummeted nearly 95% within 1 hour, reaching a low of $0.004185.
II. Reasons and Process of Attack
Exploitation: According to GoPlus analysis, GAIN was attacked due to a LayerZero Peer configuration error. The attacker initialized an additional Peer on the ETH chain to mint tokens, bypassing cross-chain verification, and then issued 5 billion GAIN tokens on the BSC chain (similar to the previous Yala attack).
Funding operation:
The malicious address was created 11 hours before the incident, and the funds originated from 13 hours ago through Tornado, receiving ETH and cross-chain exchanging it for BNB.
After the increase in issuance, continuous selling began 22 minutes later. After making a profit, 2955 BNB (approximately 3 million USD) was cross-chained to networks such as Solana and Ethereum, and an additional 500 ETH (approximately 2.05 million USD) was transferred to Tornado Cash.
